Comment Re:In other news... (Score 4, Interesting) 163
While this is true, the attacker does not need physical access for this. All they need is access to an innocent user who can be convinced to plug something in.
The FBI and secret service demonstrated this type of attack back in the early 2000s. They dropped usb drives near banks night drop boxes and front doors that pinged a server with the local ip and machine name and wrote a file locally when plugged in with the autorun on. Something like 70% or so pinged. People where plugging them in to try to figure out who's they were to return them.
Its pretty easy to convince someone to plug something in.