I'm new to using VMs, so I suspect this question may answer itself with experience; however, it has been bugging me.
If a computer user has a VM set up, and plugs in a pen drive, what's stopping any potential malware from "hopping" from VM, to drive, to host?
I would expect that a secure VM would either not allow external devices, or isolate them from the host. E.g., a flash drive being used by the VM wouldn't be visible to the host.
However, this system wouldn't be practical for the user because of the various required interface devices. (Think USB keyboard or mouse. I know those can be targeted by a version of the BadUSB exploit.) If the VM isolated the keyboard, then the user would have no means of input while using the host, and no means of telling the system to switch back to the VM.
How is this security conflict resolved?