Re: "One could imagine that opponents are lining up for a try at cracking this."
"I'm still wondering if they have solved the problem of BadUSB (https://en.wikipedia.org/wiki/BadUSB) where a device gets to tell the host what it is, leading to some unintended consequences. AFAIK, there are no software or controller-resident solutions for this."
Sure, there are solutions or, at least, mitigations.
We only allow specific USB classes in production systems. USB storage is allowed case by case, and only by specific manufacturer ID / device ID combination. Plugging a random Kingston into a machine will generate an alert. Of course, if the "keyboard" tries to launch a terminal and type commands - well, that can't easily be prevented.
There's been talk of getting some sort of apparatus that would be used for all incoming USB devices. It would scan for unwanted device classes as well, and do an AV scan of the files if it's storage.
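The policy the reply above describes (a fixed set of permitted interface classes, mass storage only for approved vendor/product pairs, an alert on anything else) is easy to model as a small evaluator. The block below is an added example written for this thread; it is not the poster's tooling and not from any real product. The allowed-class set, the allow-listed vendor/product pair, the sample device descriptors and the log-line format are all assumptions. It adds one check the post does not mention, flagging an approved storage device that also presents a HID interface (the composite BadUSB pattern), and it leaves the gap the poster admits: a device that is nothing but a "keyboard" passes.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Set, Tuple

# USB interface class codes (bInterfaceClass) as assigned by the USB-IF
HID = 0x03            # keyboards, mice
MASS_STORAGE = 0x08
HUB = 0x09
VENDOR_SPECIFIC = 0xFF

# Policy (assumption): only HID and hubs are permitted on production hosts
# without further checks; storage is handled case by case below.
ALLOWED_CLASSES: FrozenSet[int] = frozenset({HID, HUB})

# Mass storage is allowed only for these (vendor_id, product_id) pairs.
# The pair here is hypothetical, not a real approved device.
STORAGE_ALLOWLIST: FrozenSet[Tuple[int, int]] = frozenset({(0x1234, 0x5678)})


@dataclass
class UsbDevice:
    """Minimal view of a device as seen at host enumeration."""
    vendor_id: int
    product_id: int
    interface_classes: List[int]   # one bInterfaceClass per interface
    serial: str = ""


@dataclass
class Verdict:
    action: str   # "allow" or "block"
    alert: bool   # whether to raise an alert for the SOC
    reason: str


def evaluate(dev: UsbDevice,
             allowed_classes: FrozenSet[int] = ALLOWED_CLASSES,
             storage_allowlist: FrozenSet[Tuple[int, int]] = STORAGE_ALLOWLIST) -> Verdict:
    classes: Set[int] = set(dev.interface_classes)

    # 1. Any interface class outside the allowed set (storage is handled
    #    separately) is blocked and alerted on, whatever the device claims to be.
    unexpected = classes - allowed_classes - {MASS_STORAGE}
    if unexpected:
        names = ", ".join(f"0x{c:02x}" for c in sorted(unexpected))
        return Verdict("block", True, f"disallowed interface class(es): {names}")

    if MASS_STORAGE in classes:
        # 2. Storage is case by case: only approved vendor/product pairs.
        if (dev.vendor_id, dev.product_id) not in storage_allowlist:
            return Verdict("block", True,
                           f"mass storage {dev.vendor_id:04x}:{dev.product_id:04x} not on allow-list")
        # 3. Added check (not in the post): an approved stick that also
        #    presents a keyboard interface is the composite BadUSB pattern.
        if HID in classes:
            return Verdict("block", True, "composite storage+HID device; possible BadUSB")
        return Verdict("allow", False, "allow-listed mass storage")

    # 4. Only allowed classes remain. A pure HID device passes here; at this
    #    layer a "keyboard" that types commands is indistinguishable from a real one.
    return Verdict("allow", False, "only allowed interface classes")


def audit_line(dev: UsbDevice, verdict: Verdict) -> str:
    """One log line per decision in a key=value form (assumed format, not a real tool's)."""
    classes = ",".join(f"{c:02x}" for c in dev.interface_classes)
    return (f"usb_policy action={verdict.action} alert={int(verdict.alert)} "
            f"vid={dev.vendor_id:04x} pid={dev.product_id:04x} "
            f"classes={classes} serial={dev.serial or '-'} reason=\"{verdict.reason}\"")


# Constructed sample devices with hypothetical IDs (not captured from hardware)
SAMPLES = [
    UsbDevice(0x1111, 0x0001, [HID], "KB0001"),                    # plain keyboard
    UsbDevice(0x2222, 0x0002, [MASS_STORAGE], "RANDOMSTICK"),      # unapproved stick
    UsbDevice(0x1234, 0x5678, [MASS_STORAGE], "APPROVED01"),       # allow-listed stick
    UsbDevice(0x1234, 0x5678, [MASS_STORAGE, HID], "APPROVED02"),  # composite storage+HID
    UsbDevice(0x3333, 0x0003, [VENDOR_SPECIFIC], ""),              # vendor-specific class
]

if __name__ == "__main__":
    for d in SAMPLES:
        print(audit_line(d, evaluate(d)))
```

Run as a script it prints one line per sample device; the unapproved stick and the vendor-specific device alert, the approved stick is allowed, and the composite device is blocked by the added check. In a real deployment the same evaluator would be fed from the host's enumeration events (a udev or USBGuard hook on Linux, for instance) rather than from a constructed list.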