It remotely and to turn it into a snooping device by accessing the microphone feed.
The researcher published technical details about the finding and an attack scenario
The researcher discovered that adding a new user to the target device is a two-step process
With this info, they could send a link request to the Google server.
The exfiltration of the local device data and reproduced the linking request.
Force it to forget stored Wi-Fi networks, force new Bluetooth or Wi-Fi pairings, and more.