The problem is the same as the feature which made USB popular in the first place: when you plug in an USB device, it just works. The device automatically tells the computer what kind of device it is.
AFAIK, the idea that e.g. a malicious thumb drive can identify itself as a keyboard is not new. What is new, however, is that the researches were able to overwrite the firmware of a thumb drive programmatically. It opens up the possibility of a USB virus that infects both computers and USB drives. Such a virus would be extremely hard to get rid of.