At Defcon.
As the researchers demonstrated in their talk, this gives the attacker access to the Android phone’s SQLite database, allowing them to view, for example, a victim’s texts or contacts. It’s also possible to remotely read the device’s current GPS coordinates and to make outgoing calls without this being shown on the display.
