[NathanWilliams]

With physical access to a machine’s USB 3 port, someone could insert running code beneith the operating system, and it wouldn’t know.

You could spy on user activity, sniff encryption keys etc

[gpm]

As well as physical access do you also need to set a bios setting? It isn't entirely clear to me but the background information article linked in this thread seems to suggest yes.

[NathanWilliams]

Sorry, I’m not sure, this stuff largely goes over my head. I just understand the basics.

If I had to guess, I wouldn’t be surprised if a different exploit is found that bypasses the bios setting to compliment this one.