perhaps I mispoke
you don't need actual physical access for a bug in say a web browser to let some malicious web page make outgoing connections from your position on the network