Security experts have demonstrated how any USB device could be used to infect a computer. Karsten Nohl and Jakob Lell at Security Research Labs said there is no practical way to defend against the vulnerability, since the a USB device that appears completely empty can still contain malware, even when formatted. The vulnerability can be used to hide attacks in any kind of USB-connected device.
In one demo, shown off at the Black Hat hackers conference in Las Vegas, a standard USB drive was inserted into a normal computer. Malicious code implanted on the stick tricked the machine into thinking a keyboard had been plugged in. Soon, the "keyboard" began typing in commands - and instructed the computer to download a malicious program from the internet.
The USB Working Party said: "The USB specifications support additional capabilities for security, but original equipment manufacturers (OEMs) decide whether or not to implement these capabilities in their products.
"Greater capabilities of any product likely results in higher prices, and consumers choose on a daily basis what they are willing to pay to receive certain benefits.
"If consumer demand for USB products with additional capabilities for security grows, we would expect OEMs to meet that demand."