Except that these aren't shortcomings of the spec and, in fact, are never presented as such by Nohl and Lell... They referred to these as features, not flaws, and very clearly placed the blame on the devices, stating that the fix is to make the devices themselves not reprogrammable.
I agree that they are features, and that the devices being reprogrammable is a problem. That still doesn't alleviate the fact that a bus designed to carry ad hoc device traffic has zero security features associated with it. There's no cryptographic signing, no validation. No notification that a new device hooked up. Etc. Those are the deficiencies in the spec. It's like saying that DOS has no design flaws related to user security. You can argue that there was no intent to provide system security, but that proves my point that the USB spec design has shortcomings (in security).
There is a DMA component, a quick search reveals they haven't fixed that either yet. Bah.
That was still in reference to FireWire. Further reading shows that the DMA aspect can be mitigated, if desired, at some performance cost.
And, in any case, the OS providing virtualized DMA for Firewire (and it is an OS feature,
It's an OS feature only AFAIK.
Firewire device from injecting a rootkit into RAM during the boot process. ...the only thing I can't confirm without testing devices directly is whether or not I'd be able to find a Firewire device I could reprogram to do exactly what Nohl and Lell did with USB. If one can be found that can be reprogrammed, one can be found to host something akin to BadUSB; let's call it BadWire.
I get the impression that FireWire DMA access is OS driver based, not inherent in the interface, which makes sense to me. I'd bet that most FireWire devices have updatable firmware, much like every other device.
And, that says nothing of Thunderbolt, which many people use for permanently-connected displays and drives. That also uses DMA (in fact, it exposes one or more PCI-Express lanes, depending on which revision of the spec is implemented)....
Of course, that assumes, as Nohl and Lell said, "that [the] devices can be reprogrammed", which, really, is the crux of the attack.
I think for the sake of argument that all classes of devices in question are most likely reprogrammable. USB is just the most susceptible because it's the most likely to have ad hoc foreign devices being plugged into your system temporarily. The reason I state so strongly that it is a spec design flaw is because USB's purpose was to allow this type of connectivity.
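The "no notification that a new device hooked up" point raised earlier is something the host side can partly compensate for, since the bus itself offers nothing. As an added example that is not from this thread, the Python below audits constructed `usb-devices`-style records (the allowlist, vendor/product IDs and sample text are all made up) and flags devices that are not allow-listed, or known devices whose firmware now exposes an interface class beyond what was approved, which is the reprogrammed-device pattern Nohl and Lell describe (a storage stick that also presents a keyboard interface).

```python
import re

# Constructed sample in the style of `usb-devices` output (not a real capture).
# Dev 3: an allow-listed storage stick. Dev 4: the same vendor/product IDs, but
# its firmware now also exposes a HID (keyboard) interface.
SAMPLE = """\
T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  3 Spd=480  MxCh= 0
P:  Vendor=1111 ProdID=2222 Rev=01.00
I:  If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage
T:  Bus=01 Lev=01 Prnt=01 Port=01 Cnt=02 Dev#=  4 Spd=480  MxCh= 0
P:  Vendor=1111 ProdID=2222 Rev=01.00
I:  If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage
I:  If#= 1 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=01 Prot=01 Driver=usbhid
"""

# Hypothetical site policy: interface classes each approved vendor:product may expose.
ALLOWLIST = {("1111", "2222"): {"08"}}

def parse_usb_devices(text):
    """Return one dict per device ('T:' line) with its vendor/product and interface classes."""
    devices = []
    for line in text.splitlines():
        if line.startswith("T:"):
            m = re.search(r"Bus=(\d+).*Dev#=\s*(\d+)", line)
            devices.append({"bus": m.group(1), "dev": m.group(2), "classes": set()})
        elif line.startswith("P:"):
            m = re.search(r"Vendor=([0-9a-fA-F]{4}) ProdID=([0-9a-fA-F]{4})", line)
            devices[-1]["vendor"], devices[-1]["product"] = m.group(1).lower(), m.group(2).lower()
        elif line.startswith("I:"):
            devices[-1]["classes"].add(re.search(r"Cls=([0-9a-fA-F]{2})", line).group(1).lower())
    return devices

def audit(devices, allowlist=ALLOWLIST):
    """Flag devices that are not allow-listed, or that expose classes beyond what was approved."""
    findings = []
    for d in devices:
        ident = f"{d.get('vendor', '????')}:{d.get('product', '????')}"
        expected = allowlist.get((d.get("vendor"), d.get("product")))
        if expected is None:
            findings.append(f"bus {d['bus']} dev {d['dev']}: unknown device {ident}")
        elif not d["classes"] <= expected:
            extra = ",".join(sorted(d["classes"] - expected))
            findings.append(f"bus {d['bus']} dev {d['dev']}: {ident} exposes unexpected class(es) {extra}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_usb_devices(SAMPLE)):
        print(finding)
```

On a real host the same functions can be fed the output of `usb-devices` (or `/sys/kernel/debug/usb/devices`) from a udev hook to get the per-plug notification the bus itself never provides.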