The NSA has a lot of power over phones, but it's not omnipotent. There are limitations.
The basic hack Snowden is describing is hacking the "baseband processor". A phone is actually two computers: a low-power computer that managed communications with the cell tower, and a high-power compute that manages the screen. Right now, when your phone is in your pocket, that high-power computer is off, but the low-power baseband processor is still running, talking to the tower.
The code in baseband processors is crap. It's relatively easy to find vulnerabilities that can be used to take control of the baseband processor, either by reviewing the code, or setting up a hostile cell tower (like using OpenBTS) and fuzzing. The code is so fragile it's hard not to find a bug in it.
With that said, there are many different baseband processors. There's a good chance that when a vendor ships a new phone, the NSA doesn't have an 0day exploit yet for the new processor that comes with the phone. Also, while they can exploit most phones, there are some phones for which they never find a robust exploit.
Also, once they get into the baseband processor, they then have to get into the main phone system (Android or Apple). That requires a whole new set of exploits, which sometime won't work. That's what recent news about a debug feature in Samsung phones was so important -- because it created a "backdoor" allow a baseband processor to take control of the phone.
Snowden saw programs that were widely successful at getting intelligence from phones, but he doesn't understand the details. Yes, there may be a model of phone out there where the NSA was able to "remotely turn it on" (probably because a baseband processor was never truly off), but that doesn't mean that when you turn off your iPhone that the NSA can do anything with it. Your iPhone, or Brian Williams' phone, is safe from "remote turn on". On the other hand, if you have an iPhone, the NSA is doing its best to find 0day vulnerabilities, in the baseband, in IOS operating system, in the browser, in apps, and so on. You are in danger -- but still, they aren't omnipotent over your phone.
Update: There has been some discussion about "implants" and how this changes the story. I'm not sure it does.
An "implant" is when the NSA intercepts your phone and installs hardware or software on it. Usually this is because they intercepted a shipment, snuck into your hotel room, or ran a remote exploit (via the Internet or via the baseband). Yes, an implant gives the NSA full control over your phone -- but it's difficult getting the implant on your phone in the first place.
But the question was Brian Williams holding a phone asking what the NSA could do to it -- in the future (power it on). He wasn't asking what they'd done to it in the past (install an implant).
My point is simply this: the NSA isn't omnipotent. They can't do everything. They can do a lot of things, and they've been very successful at doing a lot of things, but they aren't God, and they can't do Magic.
Update: The question whether the NSA can technically control a phone is often confused with whether they can legally control your phone.
In theory, the NSA can't operate in the United States -- so the department that'd be hacking your phone would be the FBI.
And what they can do legal is .... I just don't know anymore. I'd've said in the past that they'd need a warrant, but apparently police departments are hacking phones without warrants.