Tested on a Samsung Galaxy S3, a Meizu MX2 and a Motorola A953, their "GVS-Attack" was successful independently on whether the device was running the vendor's official Android version or CyanogenMod OS.
"GVS-Attack utilizes an Android system built-in voice assistant module – Google Voice Search," they explain in a paper, and invokes the device's speaker.
"Through Android Intent mechanism, VoicEmployer (their prototype attack app) triggers Google Voice Search to the foreground, and then plays prepared audio files (like “call number 1234 5678”) in the background. Google Voice Search can recognize this voice command and execute corresponding operations."
The researchers have also discovered a vulnerability of status checking in Google Search app, which can be exploited by the GVS-Attack to make the device call arbitrary malicious numbers. This can be executed even when the device is locked and secured with a password, ideally in the early hours of the morning, when the device owner is more likely to be asleep.
In order to execute the attack, a malicious app - in this case their own VoicEmployer - has to be installed on the target's phone and run.
Users who don't lock their phones are even in more danger, as the data contained on their device can be transmitted to the attacker, and he (or she) can gain control of the victim’s Android phone remotely.
The malicious app is able to do all this by bypassing a number of Android permissions (Read Contacts, Write SMS, Send SMS, Internet, Set Alarm, Get Accounts, and so on).
"GVS-Attack can dial a malicious number through playing “call ...”, when this call is answered by an auto audio record machine, actually the data transmission channel has been built. Any audio type of data can be transferred through this channel instead of commonly used Internet connection," they explained.
It's also interesting to note that a number of popular mobile apps weren't able to detect VoicEmployer as malicious.
"Through experiments, the feasibility of our attack schemes has been demonstrated in the real world," they concluded, adding that they hope that their research will "inspire application developers and researchers rethink that zero permission doesn’t mean safety and the speaker can be treated as a new attack surface."