I thought it was common sense not to plug in untrusted devices to your computer. Especially unknown thumb drives, unless you can use them in a read only device.
The problem is that a trusted device becomes untrusted as soon as you plug it into a computer not 100% in your control. Bring a USB storage device with you to work? To a friend's house? To *shudder* your parent's computer? What prevents a USB storage device, especially a common model, from having its firmware overwritten? It's all too easy to have malicious code that moves around as firmware, something that it seems isn't checked by typical AV software.
I thought it was common sense not to plug in untrusted devices to your computer. Especially unknown thumb drives, unless you can use them in a read only device.
The problem at hand is that you can take a trustworthy device, plug it into an infected computer and then your trustworthy device becomes compromised and not easily detectably so, infecting your formerly clean PC. So far, no comments on mitigating procedures or OS-specific circumstances. Most OSes will automatically load USB devices, so in theory this could affect just about every OS whereby a compromised phone decides to become a keyboard and starts typing keystrokes and sending data to a 3rd party. Scary, at least in theory.
It is easier to write an incorrect program than understand a correct one.