The commands can be keyed in using touchtones or even using the human voice.
In one test, a phone system run by an unnamed Indian bank had dumped customer PINs. In another, a buffer overflow was triggered against a back-end database. Other attacks can be used to crash phone systems outright."
Link to Original Source