
Each key is locked to an account. If you tap your key and it doesn't work, that's a potential security issue to be reported.


Yes, yes it is.


My point is

1. This is immediately obvious.

2. You've now maybe pwned a single device, but in doing so you also removed any credentials from the device, so it's not valuable.

3. USB mice and keyboards already exist, and are plugged into most computers.


I think drcongo's point is that if an operative meets someone at the pub and swaps out a similar-looking fob on his keychain for one that contains a virus, it doesn't matter if you only "pwned" a single device; you're in the network and it is time to start exploring.


But you're not in the network. You have to authenticate to access the network, and that requires the U2F key that you just removed.


Your virus is on a machine in the network, therefore you're in the network. At that point, it is a matter of exploring the network, fingerprinting systems, scraping for exploits, and attempting intrusions. Or, waiting until an administrator does something silly like attempt to use their privileges on the machine to accomplish some task. I believe this was exactly how the Sony hack was conducted.

Edit: Also, at some point the employee will be reissued a new key fob for the "broken" one and at that point they will enter their credentials into the network again on that machine giving you access.

Edit 2: I guess a procedure that could prevent this is to require I.T. check the serial number of a fob that has been reported as "broken" thereby verifying there hasn't been a potential intrusion.


As far as I know, at Google my work laptop has as much access to the 'network' as my personal one does, at least until I'm authenticated. (BeyondCorp)

And the last time I plugged my keyring key into a computer was a year ago. Most use the nano keys, which you never remove from the host device.


Deleted

Edit: In answer to your response. Yup.


I can't make heads or tails of this comment, likely due to HN formatting.

But as far as I can tell, this exploit requires 3-4 zero-day exploits to be discovered in a system the attacker has no access to, and to all go undiscovered for an unknown amount of time while said attacker is exploring.

That's much better than "I can steal user credentials and then download an exploit trivially."

