Here is a YouTube video describing, at a super high level, how to tunnel information through a VoIP call. There is nothing really new here, just a quick summary of how to do it. They use the term "Vunnel"; man, I sure hope that does not catch on.
Note that this attack won't work in a typical enterprise, because virtually all calls are still converted to TDM by media gateways. Typical connections over the PSTN are "lossy", and the information will arrive corrupted. That's why modems are used to send data over the PSTN. This attack will only work for an end-to-end IP call, where nothing in the network fiddles with the data. An example of such fiddling would be transcoding, where one codec, like G.711, is converted to another, like G.729, again resulting in lost data.
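To make the "lossy" point concrete, here is a rough sketch of what happens when raw data rides through a codec step. It is not the method from the video. It assumes the tunneled bytes are treated as 16-bit linear PCM samples and pushed through a G.711 mu-law encode/decode, which stands in for whatever a gateway or transcoder in the path might do. The function names are made up for illustration.

```python
import struct

BIAS = 0x84   # standard G.711 mu-law bias
CLIP = 32635  # largest magnitude that can be encoded


def linear_to_ulaw(sample: int) -> int:
    """Compress one signed 16-bit PCM sample to an 8-bit mu-law code."""
    sign = 0x80 if sample < 0 else 0x00
    magnitude = min(abs(sample), CLIP) + BIAS
    # Find the segment (exponent): position of the highest set bit.
    exponent, mask = 7, 0x4000
    while exponent > 0 and not (magnitude & mask):
        exponent -= 1
        mask >>= 1
    mantissa = (magnitude >> (exponent + 3)) & 0x0F
    return ~(sign | (exponent << 4) | mantissa) & 0xFF


def ulaw_to_linear(code: int) -> int:
    """Expand an 8-bit mu-law code back to a signed 16-bit PCM sample."""
    code = ~code & 0xFF
    exponent = (code >> 4) & 0x07
    mantissa = code & 0x0F
    magnitude = (((mantissa << 3) + BIAS) << exponent) - BIAS
    return -magnitude if code & 0x80 else magnitude


def through_lossy_hop(data: bytes) -> bytes:
    """Hypothetical helper: treat data as PCM samples and run it through
    one mu-law encode/decode, as a codec step in the path might."""
    if len(data) % 2:
        data += b"\x00"  # pad to a whole number of 16-bit samples
    count = len(data) // 2
    samples = struct.unpack("<%dh" % count, data)
    decoded = [ulaw_to_linear(linear_to_ulaw(s)) for s in samples]
    return struct.pack("<%dh" % count, *decoded)


payload = b"tunnel me through a voice call!!"
received = through_lossy_hop(payload)
print("intact" if received == payload else "corrupted")
```

Each 16-bit sample gets squeezed into 8 bits, so most of the original bit pattern cannot survive the hop. Speech still sounds fine after that; arbitrary data does not.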
If this attack becomes an issue, one way to solve it is to make sure only authenticated IP phones and softphones can connect to the call agent. Another way is for an edge security device to watch for "voice" calls that are really data calls.
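As a very rough idea of what "watching" could look like, here is a sketch of one possible heuristic, not something any particular product is known to do. It assumes uncompressed G.711 payloads, where real speech tends to have a skewed byte distribution (lots of silence and low-amplitude codes), while compressed or encrypted data looks close to uniform. The function names and the 7.5 threshold are assumptions and would need tuning on real traffic. The heuristic is meaningless for compressed codecs or SRTP, where the payload always looks random.

```python
import math
from collections import Counter


def byte_entropy(payload: bytes) -> float:
    """Shannon entropy of the payload, in bits per byte (0.0 to 8.0)."""
    if not payload:
        return 0.0
    total = len(payload)
    counts = Counter(payload)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def looks_like_data(window: bytes, threshold: float = 7.5) -> bool:
    """Hypothetical check: flag a window of concatenated RTP payloads
    whose byte distribution is close to uniform.

    Use a window of many packets; a single 160-byte packet can never
    exceed log2(160), about 7.3 bits per byte.
    """
    return byte_entropy(window) >= threshold
```

A device would feed this a few seconds of payload from one stream at a time, and treat a hit as a reason to look closer rather than as proof.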