Appearently the os can't differentiate between any USB devices.
I saw a great video years ago (which I haven't been able to locate for years) that went into detail as to how you can basically make a custom usb device arbitrarily malicious. The trick that sounded particularly good was that you can impersonate a usb device that requests a driver that has a known security vulnerability.
Yep, the issue is that the host OS has no way to verify the identity of the USB device. It has to believe whatever the device claims. Something that looks like a charging cable might actually "be" a 1990s-era Wacom tablet with crappy drivers, which also charges your phone.
The only protection is to restrict what types of devices are allowed to connect. The kernel is not obligated to recognize any device that you attach (though of course most users will expect it to do so!). And of course some host OSes make such restrictions difficult or impossible.
I saw a great video years ago (which I haven't been able to locate for years) that went into detail as to how you can basically make a custom usb device arbitrarily malicious. The trick that sounded particularly good was that you can impersonate a usb device that requests a driver that has a known security vulnerability.
Fun times.