I was specifically addressing simple flash storage devices and firmware security, not all the other USB widgets, SSDs, MP3 players, etc., but even most of those designs could offer better firmware security than we are seeing.
As a minimum, I should be able to take a pure flash storage device and plug it into a clean PC and run some program that will verify that the flash device has factory firmware (or the OS could do this automatically). Another acceptable option is if the firmware can’t be changed at all since it sits in ROM or another HW write-protected area. If I can’t have either of those, I should at least be able to restore the factory firmware somehow. To design a device that has none of these options might be OK if this were still 1990, but today it is an inherently bad design. Do you really want to see a firmware version of Cryptolocker? As far as never letting a stick out of your possession, this severely limits the very purpose of the product, and some of the reports suggest that firmware hacking of SOME sticks only requires an infected PC. It never needs to leave your possession to be hacked!
Perhaps Sandisk offers some of these security features, but I don’t see any official statements about how these devices are designed to be secure, or how they fit in a world with increasingly sophisticated exploits. I’d love to find out that the only brand I have ever bought is more secure than those other brands, but I am disturbed by their silence on the matter. “Head in the sand security?”
How can you design a flash stick that has some of the security features I mentioned? Take a trip back to the 90’s and understand that most firmware sat in ROM, PROM, or UV-EPROM. To change it you needed to pull chips. Not convenient? How about EEPROM or FLASH with HW write-protect. It has all been done before by granddad. I’d gladly live with a tiny write-protect jumper hidden under the plastic shell, since I’d probably never need to use it. At the volumes we are talking about here, adding a custom ROM to a microcontroller costs pennies. All that really needs to go into that ROM is a boot-loader/monitor that can R/W/verify the rest of the firmware and maybe support a one-wire data stream. Nothing hides from a proper boot-loader, and since it runs first it has ultimate control. Malware can’t lie to you if it isn’t running. Only HW hacking can get around that. I am sure there are even better/smarter ideas, but we don’t seem to be getting any of that.