Physical access means an attacker can touch or manipulate a device directly rather than only reaching it over the network. That can include booting from external media, attaching debug hardware, removing storage, or using the machine while it is unlocked or in a vulnerable preboot state.
It matters because many protections assume the attacker is remote. Full-disk encryption, secure boot, and preboot authentication are designed to resist offline theft and tampering, but those defenses can weaken if someone has the laptop in hand. In real attacks, physical access can enable BitLocker bypass attempts, firmware changes, or extraction of secrets from exposed interfaces. Defenders reduce this risk with strong startup protection, BIOS/UEFI hardening, device locks, tamper controls, and careful custody of endpoints.



