The origins of the old hack went back to the days of Steve Wozniak using a whistle from a cereal box to mimic the tones payphones used to signal the carrier that money had been deposited, but the new version is based on some flaws in how voice over LTE (VoLTE) has been designed as well as a flaw in the Android operating system.
South Korean researchers say that because of flaws in how VoLTE has been designed, it is possible to spoof phone calls, conduct denial-of-service attacks and wrack up charges on a customer's bill. And, it is also possible for a Android app to make secret phone calls in the background due to a flaw in the way Android handles permissions for VoLTE compared to regular voice calls. Google is already working on a patch that is planned to be released as part of the November security update.
The problems with VoLTE stem partially from the fact that American carriers have not implemented LTE technology in a standardized way, so it has caused security holes. It also means that each carrier has to do different things in order to fix the issues. The problems were reported to Verizon, AT&T, and T-Mobile back in May, but none have released statements on the matter.