Except that this vulnerability affects all USB devices, including HIDs.
So if you plug a keyboard or mouse into a computer carrying this malware, they could be infected. Then if you plug them into another computer, they could infect that computer.
Or more likely, you could find out your computer is infected, and decide to wipe or replace it. Then you plug the same mouse back in, authorize it as the expected HID...and now your computer is infected again.
Or consider a laptop keyboard that connects over the USB bus...
The only reliable solution to this vulnerability is to protect USB firmware via code signatures. That's going to take a long time.
In the mean time, I'm going to completely avoid USB thumb drives, and stick to Bluetooth HIDs.
So if you plug a keyboard or mouse into a computer carrying this malware, they could be infected. Then if you plug them into another computer, they could infect that computer.
Or more likely, you could find out your computer is infected, and decide to wipe or replace it. Then you plug the same mouse back in, authorize it as the expected HID...and now your computer is infected again.
Or consider a laptop keyboard that connects over the USB bus...
The only reliable solution to this vulnerability is to protect USB firmware via code signatures. That's going to take a long time.
In the mean time, I'm going to completely avoid USB thumb drives, and stick to Bluetooth HIDs.