by leoc
4022 days ago
> You're assuming direct malicious intent. Which might be the case for jealous spouses and high-value targets. But a far more likely consumer scenario is handing your USB stick to a friend with a compromised computer to share a file. After he plugs it in, his malware-infested computer overwrites the USB device's firmware as a new attack vector. When you get it back and use it again, your computer becomes infected.

> It's not common now, but it's not really that far-fetched.

And as the average USB device becomes "smarter" (or more like an embedded PC, in any case...) in the future I would assume it will become easier to infect without hardware access. (I am not an expert.) Or think of the many thousands of lab and internet-cafe PCs which are already out there and being used as public or semi-public charging points: those can already certainly be compromised without any hardware access.

Even attacks using hardware access to a USB device don't have to be ignorably small-scale. A single compromised public USB charging point could hit hundreds of people: one could consider ATM skimming as an advance warning of what is feasible.

And more generally, access to the hardware on the far side of the USB connection is not (in the general case) the same as access to the hardware on the near side. If in practice one is always as good as the other, well that's exactly the bloody problem! And it's a problem with the USB protocol etc., not the inherently-mostly-insoluble problem of direct access to the internals of the user's local machine.