Phone Disguised as Keyboard Can Hack Computer
You know it's a phone, but does your computer know that?
We plug a lot of things into our computers without thinking about it. That’s one of the wonders of USB, which has made it exceptionally easy to connect all sorts of different peripherals to our computers while using one standard plug.
Of course, this kind of ubiquity along with our carefree spirits presents a massive security hole. Computer security researchers have demonstrated how computers can be fooled through the USB port.
A team at the George Mason University used an Android-based Nexus One to fool a laptop that it was a keyboard. Through that, it can issue commands to the computer to steal files and download malware.
This exploit is possible because the USB protocol allows for a connection without authentication. Part of the problem is that operating systems do no prompt the user whether he or she wishes to really connect the peripheral to USB.
In Windows, a little pop up appears briefly informing the user that it's detected a new device. On a Mac, a command can get rid of that notification, and there's no notification at all on Linux.
The malware can be transferred from USB to USB, meaning that a phone could transfer it to a computer, which could then transfer it to another phone when it's connected via USB.
Of course, like the case of staying safe in the real world, just be careful where you choose to plug your ports (or what you allow to be plugged into your ports).

GIGGIDY!
GIGGIDY!
I love technology, but I hate it when it turns around and bite me in the ass!
Or I could get into serious trouble, sooo not going to happen.
I don't know the code of the thing (And even if I did I'd still be clueless) but it might contain the ability to piggyback on a burn process. I'm not really sure.
Google: +Symantec +Stuxnet
There's a good YouTube video here: http://www.youtube.com/watch?v=cf0jlzVCyOI
Yes, They believe it was via USB key.
"just be careful where you choose to plug your ports (or what you allow to be plugged into your ports)."
+100
Pretty good point. But i think manufacturers would be much more easily caught making these malicious keyboards compared to people who simply write keylogging scripts, viruses, etc. So to be a victim of buying a malicious keylogging keyboard, I think is a little bit farfetched, but not impossible I suppose. I guess thats why I always shop at newegg
but besides that, the hacking of USB ports isn't really that huge of an issue. The only time this truly exploits a computer is when restrictions are put on a computer such as a computer in the workplace that is on a domain. Otherwise anyone can just as easily plug in a keyboard to a computer, download viruses, download keyloggers and track everything back to themselves. if that makes any sense at all? Pretty crazy hack though.
Read-Only
Read and Write
Execute
If you want to hide a file or a folder you simply add a dot in front of it (eg. ".Porn").
So USB devices (even data partitions) can be set to read-only and not execute, by default.
"Data partitions should always be mounted with option NOEXEC and NOSUID, as there should never be the need for a program to run from such a partition. And especially not with root privileges!
If you don’t plan to install any programs in your home folder, you can also set NOEXEC on the /home partition. NOSUID should always be set on /home."
(source)
If you really wanted a stupid notification I'm sure there's something that can read the Vendor, Product ID, Manufacturer, Revision, Serial Number, etc, etc. like what VirtualBox detects (PUEL not OSE; the one with USB support). But most Linux users would probably just run fdisk -l.
Plus, Linux is open. The EXT4 filesystem (in contrast to NTFS) lets you rename files and folders whatever the hell you like. So no more restriction in using question marks, quotes, or the asterisk, "|", "\", etc. Except for "/", obviously.
But we're getting offtopic here... Point is Windows hidden files are always visible on Linux (and vice versa, Linux hidden files are always visible on Windows) - unless, of course you rename them with a dot in front and apply the hidden attribute.
Do no prompt? Who's editing this crap anyways?
The key logger need not be 'inside' the keyboard, it could be inside a pen that houses something similar to a mobile or cellular phone, that in turn relays the data.
This would only be 'tiered' once, and much harder to detect that replacing keyboards.
It also means the device 'does not' have to be smuggled out.
If I can come up with this in 5 minutes, imagine what an intelligence agency could do?