One of the basic principles of computer security is that if someone has physical access to a machine, compromising it is simply a matter of time (yes, even technologies like whole-disk encryption via GPG/PGP, BitLocker, or TrueCrypt are often still susceptible to “Evil Maid” attacks). But while all devices are vulnerable to hands-on attacks, some devices are more vulnerable than others.
Innocuous-looking USB accessories for both PCs and smartphones have long been a preferred for attacks aiming to gain unauthorized access to a machine. Devices that look like USB sticks can easily direct a computer they’re plugged into to dump data to an external device or online file storage by mimicking a keyboard/mouse, an attack no antivirus or antimalware software can prevent. Smartphones have been susceptible to similar attacks, even from something as seemingly-innocent as a regular phone charger. These hardware-based attacks have been well-documented, and while a passcode on the device can mitigate such attempts, it’s no cure-all.