Cyber-security experts have dramatically called into question the safety and security of using USB to connect devices to computers.
The duo said there is no practical way to defend against the vulnerability.
The body responsible for the USB standard said manufacturers could build in extra security.
It is not uncommon for USB sticks to be used as a way of getting viruses and other malicious code onto target computers.
Most famously, the Stuxnet attack on Iranian nuclear centrifuges was believed to have been caused by an infected USB stick.
However, this latest research demonstrated a new level of threat - where a USB device that appears completely empty can still contain malware, even when formatted.
The vulnerability can be used to hide attacks in any kind of USB-connected device - such as a smartphone.
"It may not be the end of the world today,"
USB - which stands for Universal Serial Bus - has become the standard method of connecting devices to computers due to its small size, speed and ability to charge devices.
USB memory sticks quickly replaced floppy disks as a simple way to share large files between two computers.
The connector is popular due to the fact that it makes it easy to plug in and install a wide variety of devices. Devices that use USB contain a small chip that "tells" the computer exactly what it is, be it a phone, tablet or any other piece of hardware.
It is this function that has been exposed by the threat.
In one demo, shown off at the Black Hat hackers conference in
Malicious code implanted on the stick tricked the machine into thinking a keyboard had been plugged in.
After just a few moments, the "keyboard" began typing in commands - and instructed the computer to download a malicious program from the internet.
Another demo involved a Samsung smartphone.
When plugged in to charge, the phone would trick the computer into thinking it was in fact a network card. It meant when the user accessed the internet, their browsing was secretly hijacked.
Unlike other similar attacks, where simply looking at the web address can give away a scam website, there were no visible clues that a user was under threat.
The same demo could have been carried out on any website,
"USB is ubiquitous across all devices," he said.
"It comes down to the same old saying - don't plug things in that you don't trust.
"Any business should always have policies in place regarding USB devices and USB drives. Businesses should stop using them if needed."
Most Popular Stories
- Doctor Who Christmas Episode Begins Production
- HCL America Adding 1,200 IT Jobs
- Medical Mfg. Jobs Coming to Dayton
- Michael Jackson, Freddie Mercury on Previously Unreleased Queen Cut
- Longtime Unemployed to Get Help in Las Vegas
- SpaceX Aims for Predawn Launch on Saturday
- Women Key to Democratic Party: Clinton
- U.S. Chamber Caught Up in Tax Inversion Question
- Feds Won't Say How Many Border Crossers Jailed
- Christie Didn't Order Bridge Shut Down, Feds Say