
I have an idea: Making and breaking the USB connection itself is a form of input!

1. Supposing all the more-convenient ways have broken down (no keyboard, no mouse, etc.)

2. The OS displays a random 15-60 second countdown telling the user when to unplug the device if they trust it

3. The OS displays a second (random) countdown telling the user when to reconnect the device if they trust it.

4. If both steps succeed to a reasonable level of accuracy (some fudge-factor for humans and for slow-powering-up devices) the OS will begin trusting the HID device and installing drivers etc.

This requires no additional hardware except for a monitor, and evil devices cannot reliably brute-force it without taking a lot of time and being very obvious and obnoxious about it.



So I hand you a malicious USB stick, you plug it in, the computer asks you to unplug it and plug it back in. You do so, because you trust the USB stick (why wouldn't you, free USB stick!).


Maybe it would be better to make you type some characters on the keyboard. Similar tricks with other human interface devices. That way the user physically can't do it with fake USB sticks.

It would require that all these devices have at least some basic functionality with only some standard drivers. I don't know how true that is right now.


What? No, the operating-system is responsible for the dialog, and it would be saying something like:

"The following USB device has requested direct control over your mouse and keyboard inputs. Do you want to grant it access?"

"Note: If you are unable to interact with your computer, please wait X seconds for emergency instructions on how to enable this device."

You can't make anything totally idiot-proof, but a lot of people will be surprised/scared when a very unusual and seldom-seen dialog pops up when they plug in a particular misbehaving memory stick.


The malicious device can just fake breaking the connection and reconnecting. No way for the PC to tell the difference.


I think that's why he mentioned using random amounts of time for disconnect and reconnect. If your malicious device guesses correctly for the simulation of "fake breaking" (let's say it only has 10% chance of doing that) and similarly for reconnecting (another 10% chance), then the malicious device only has a 1% chance of fooling the PC.

Not great, but certainly a lot better than a 100% certainty of fooling the PC.
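The timing challenge from the original proposal (random unplug and replug countdowns, with a fudge factor for humans and slow-enumerating devices) and the brute-force estimate in the comment above can be made concrete with a small simulation. This is an added example, not code from anyone in the thread: the event trace format, the 15-60 second range, the 2 second tolerance and the "blind device" attacker model are assumptions made here. The verifier deliberately cannot distinguish a real unplug from a faked one (the objection raised elsewhere in the thread); it only checks when the bus events happen, so the attacker's only option is to guess the timing.

```python
"""Simulation of an unplug/replug timing challenge for untrusted USB HID devices.

Added example, not code from the original thread. The event format, the
tolerance value and the attacker model are assumptions made for this sketch.
"""
import random
from dataclasses import dataclass

DISCONNECT = "disconnect"
CONNECT = "connect"


@dataclass(frozen=True)
class Challenge:
    """Two secret, independently random delays in seconds (assumed 15-60 s)."""
    unplug_after: float   # unplug this many seconds after the prompt appears
    replug_after: float   # replug this many seconds after the unplug is seen


def make_challenge(rng: random.Random, lo: float = 15.0, hi: float = 60.0) -> Challenge:
    # Assumption: a real OS would draw these from a CSPRNG (secrets.SystemRandom);
    # a seedable PRNG is used here only so the Monte Carlo run is reproducible.
    return Challenge(rng.uniform(lo, hi), rng.uniform(lo, hi))


def verify(challenge: Challenge, events, tolerance: float = 2.0) -> bool:
    """Decide whether a bus-event trace satisfies the challenge.

    events: sequence of (t, kind) with t in seconds since the prompt was shown.
    The OS cannot tell a real unplug from one the device fakes, so it only
    checks *when* the events happen. Exactly one disconnect followed by
    exactly one connect is required, so a device that flaps the bus to try
    several guesses fails on the first extra event.
    """
    kinds = [kind for _, kind in events]
    if kinds != [DISCONNECT, CONNECT]:
        return False
    t_unplug, t_replug = events[0][0], events[1][0]
    if abs(t_unplug - challenge.unplug_after) > tolerance:
        return False
    # The tolerance is the fudge factor for reaction time and slow enumeration.
    return abs(t_replug - (t_unplug + challenge.replug_after)) <= tolerance


def blind_success_probability(lo: float, hi: float, tolerance: float) -> float:
    """Chance that a device with no view of the screen hits one timing window."""
    # Each delay is uniform on [lo, hi]; a fixed guess inside the range lands
    # within +/- tolerance of the secret with probability 2*tol/(hi - lo).
    return min(1.0, 2.0 * tolerance / (hi - lo))


def blind_attack_success_rate(trials: int, seed: int = 0, lo: float = 15.0,
                              hi: float = 60.0, tolerance: float = 2.0) -> float:
    """Monte Carlo: a malicious device fakes unplug/replug at guessed times."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        challenge = make_challenge(rng, lo, hi)
        # Best blind strategy: any fixed guess whose window lies inside the range.
        guess_unplug = (lo + hi) / 2.0
        guess_replug = (lo + hi) / 2.0
        trace = [(guess_unplug, DISCONNECT), (guess_unplug + guess_replug, CONNECT)]
        wins += verify(challenge, trace, tolerance)
    return wins / trials


if __name__ == "__main__":
    per_step = blind_success_probability(15.0, 60.0, 2.0)
    print(f"analytic: one window {per_step:.3%}, both windows {per_step ** 2:.3%}")
    print(f"simulated: both windows {blind_attack_success_rate(50000):.3%}")
```

With a 45 second range and a 2 second tolerance a blind device hits one window about 8.9% of the time and both about 0.8%, close to the 10% and 1% figures above; widening the tolerance to accommodate slow devices buys the attacker a proportionally larger window, so the two knobs trade off directly.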


Yep, that's what the randomness is for, and you can also add entropy by randomizing the time before the dialog starts to present the user with the "emergency connect mode instructions" which explain the disconnect/reconnect process.

Plus, 99% of the time the user is not plugging in a HID device, so the "unrecognized input device" dialog can be made ominous enough that users will realize something is very strange about that one USB stick.



