It has recently been discovered that Apple quietly acquired security consultancy firm LegbaCore back in November of 2015. The acquisition was initially revealed in December by security researcher Trammell Hudson during a presentation at the 32C3 conference. It was further corroborated by a series of tweets from founder Xeno Kovah (seen below) and by the company’s website, which states that it is “not accepting any new customer engagements.”

Specific details of the acquisition are unclear at this point. Kovah and his partner Corey Kallenberg are working full-time at Apple, although their specific roles are unclear. Kovah only stated that he and Kallenberg would be working on “low level security” at the company (via MacRumors).

LegbaCore and researcher Trammell Hudson discovered the first firmware worm to affect Macs in Thunderstrike 2, which was publicly revealed last August. Thunderstrike 2 was able to survive a full erase and reinstall of OS X because it attacked firmware tied to specific hardware components. LegbaCore alerted Apple to the problem prior to making it public, and Apple was able to begin patching it.

It was during the communication about Thunderstrike 2 that Apple expressed interest in acquiring LegbaCore. “As we were having discussions with Apple in the wake of our presentation this summer,” Kovah tweeted, “it became clear that Apple had some very interesting and highly impactful work that we could participate in.”

This acquisition is more of an acquihire, as LegbaCore doesn’t have any private technology aside from the skills of Kovah and Kallenberg. The talent, however, will certainly be useful at Apple to continue improving the company’s software and firmware security efforts.

As we were having discussions with Apple in the wake of our presentation this summer…

— Xeno Kovah (@XenoKovah) November 10, 2015

…it became clear that Apple had some very interesting and highly impactful work that we could participate in

What did Apple hire us to do? We can’t say. :) Well, we can probably say something like “low level security” (I don’t know our job titles)