Seriously -- this is ludicrous. I founded a hardware tech company a few years back that does a similar thing (machines in very public places) and -- knowing approximately dick about building robust hardware -- auto mounting of input devices was basically the first thing I locked down once I had the basics up and running.

What a stupid vulnerability.