I'm a techie at a major university. One of these can wreck havoc across a campus, and cost us beaucoup taxpayer Dollars from the emergency fund. Which is why I only allow fresh, vetted, USB sticks which are low level formatted on a non-Windows device at each use. When your 100,000$ machine goes down from a virus or worse, its no fun to tell a Prof he/she just has to set and wait leaking grant money till I can get something fixed. IF I can find budget to fix things.
Keep in mind a day of FSE time in the academic world can approach /exceed 1500$ plus Parts, Travel, Per Diem, Hotel, and Expenses. No FSE I know keeps a instrument motherboard in his toolkit, either, so that can become a two day or more business day wait for FedEx, plus however long it takes to flash/program/.configure the board.
I have already dealt with what I believe to be a student's stick that had firmware infused with a bug.... We get constant warnings about memory devices out there with really nasty stuff in hardware/firmware.
Things like this fake stick keep me up at night, sometimes. If someone went from PC to PC in our one undergraduate lab, that would be 24 machines damaged/down/dead. We don't have budget for that kind of contingency.
Its not a novelty, it could be an economic weapon in the hands of a misfit. Around here, it's use would result in criminal charges and civil penalties.
I hope customs could keep them out by considering them a "criminal tool".
Thus for critical stuff, I supply the sticks or another means of moving data. Which is pretty limited when it is a standard practice around here to keep lab machines off the net to prevent "Updates" from becoming a bug, not a feature. Push data off, never allow anything to be pulled on.
Steve