[pjc50]

You can mitigate the exploit against standard mass storage drivers, yes, but there are other ways. It appears in this case the host was compromised (so able to override the drivers).

If a userland program can get at the raw HID interface, that can also be used for exfiltration to a tailored device.

[kps]

  xset led named 'Scroll Lock'

Slow, but works for PS/2 keyboards too.

[jandrese]

Depends on having a camera pointed that the compromised keyboard, and cameras are the first things banned when setting up a secure environment.

[kps]

I meant, using a physically compromised keyboard that records LED transitions set by the host, since the context was USB devices that look like normal keyboard or mice but actually contain storage.

[jandrese]

The only problem with that is people don't typically carry keyboards around and plug them into different devices.