If Andy Greenberg and others are right, a large portion of existing USB devices - from keyboards to peripheral controllers and data-keys - may be vulnerable to reprogramming at the microcode level of the USB controller to do any and all kinds of nasty work that software viruses can do, and perhaps more.
In
Why the Security of USB Is Fundamentally Broken Greenberg discloses some very new information about how ordinary USB devices can become high-power snoops and saboteurs with nothing more than some diddling of their internal microcode, loaded by a hacker into the device via the USB interface itself.
The effect of this discovery could be that no USB device may be considered totally trustworthy henceforth, whether memory or peripheral, if it remains internally reprogrammable at the microcode level after manufacture. Some USB-controller architectures have fuses or other locks that can be set to permanently inhibit reprogramming, but often these protections may not be engaged in existing products, observers say.
Seems to be a whole new can of worms to worry about. As of today!