I wonder if a viable method for securing USB devices would be a pairing step, similar to how bluetooth keyboards work. Most input devices are USB-based, which means we can't require confirmation for every device, but we could require OS confirmation for most of them, and do a pairing step for input devices. Like click these visual targets / type in this key sequence.
This wouldn't fully solve this problem, but it might just help protect me from people plugging devices into my machine while it's locked, and could even alert me that the device I thought was just charging has reported itself as a keyboard, despite looking nothing like one.
This wouldn't fully solve this problem, but it might just help protect me from people plugging devices into my machine while it's locked, and could even alert me that the device I thought was just charging has reported itself as a keyboard, despite looking nothing like one.