Karsten Nohl and Jakob Lell, who hail from German security firm SR Labs, did spend a fair number of months analyzing such software and micro-controllers that have been embedded within a select group of USB devices, and touted that they were able to hid in the flash ROM of these devices undetectable malware.
The software has been dubbed BadUSB, and it is installable within select USB flash drives as well as in other devices that feature a supported or compatible micro-controller. Not only that, it is virtually impossible to remove from the device, at least for the layperson since it would require the necessary tools and technical know how to reprogram such firmware. SR Labs claims that “no effective defenses from USB attacks are known.” Now that’s a chilling thought!