Security researchers have found a fundamental flaw that could affect billions of USB devices. This flaw is so serious that, now that it has been revealed, you probably shouldn’t plug a USB device into your computer ever again. There are no known effective defenses against this variety of USB attack, though in the future (months or years, not days) some limited defenses might be possible. This vulnerability, which allows usb lock any USB device to take over your computer, mostly exists due to the USB Implementers Forum (the USB standards body) eschewing security in favor of maximizing the versatility, and thus the massively successful adoption, of USB. The USB IF itself notes that your only defense against this new attack vector is to only use USB devices that you 100% trust — but even then, as we’ll outline below, this won’t always protect you.
I would not call BS, but this device aims the general weakness of computers designed for low production cost and just the standards compliance that is required for these models. Mind that equipment designed for home and office has comparably lock usb low EMC immunity levels. Industrial, telecom and military equipment has higher immunity levels and is less prone to such attacks. It also depends on the designer. I have seen equipment that barely passed for telecom and office equipment.
IF there was to be a particular instance of a compiled Linux kernel that was signed by a globally trusted key, then THAT compiled kernel would necessarily have to be crafted so that it was not able to execute untrusted kernel usb access control code. This is simply because if it DID run any old code in kernel mode, then those in charge of the globally trusted key would never sign it, since the existence of such a kernel would undermine the entire system.