Yes, it needs "inside" access for a couple of minutes minimum.
But as he says, these kinds of devices are often in rooms which are unattended and accessed by guests.
This risk should be mitigated through physical security measures.
I don't know how you stop a device from being tricked into downloading a file by being booted up on a trick switch. Maybe physically mounting the UC360 in such a way as to make the network port inaccessible, and ensuring the patch point is not accessible either.