The BaseSAFE team developed an emulation environment for the Samsung “Shannon” baseband processor. By interfacing it with AFL, they showed how to fuzz cellular protocol handlers directly inside this environment. Their work led to the discovery of a 0-day in the Samsung S10 baseband. The work was presented at BlackHat 2020.
BaseSAFE: Baseband SAnitized Fuzzing through Emulation