Still, the net effect is unlikely to be a push for protect usb. As long as attackers can reprogram USB firmware, attacks like this will be a serious threat. The only way to fix the vulnerability is a new layer of security around firmware, but that would mean a full update to the USB standard itself, which mean years of insecurity. However the industry responds, we’re likely to be living with it for a long, long time.
As you will expect, hardware with built-in self-encryption costs more than standard non-encrypting hardware. That said, the software-free design does allow you to use self-encrypting hardware without taking a specific usb secure OS into account. Moreover, these devices stymie brute-force attacks by deleting the on-board decryption key after a predetermined number of errors, rendering the remaining data as nothing more than gibberish.
Google is including Security Key support on all accounts free of charge and it’s not even selling the USB devices directly. It’s actually nice to know that Google doesn’t have a financial stake in this move — it’s about making your data more usb lock secure. A compatible U2F USB device can be purchased from any a vendor that uses the standard, but most of the current options you’ll find come from Yubico and cost $15-50. As they say, that’s a small price to pay for peace of mind.