This has actually been done before, but not to the extent that the new researchers have reached.
The basic moral of the story is "don't let someone else plug something into your PC, it might be dirty." (this rule works IRL, too, if you s/your PC/you/
)
In other words, if you're using a USB stick to bridge the air gap, make sure it's one you bought yourself from a reputable seller, and then you'll
probably be OK. I say
probably because in theory, if your online PC is compromised, there are some USB sticks whose firmwares could be reprogrammed turning a clean USB stick into a dirty one.
It will be interesting to see if any malware in the future tries to do this automatically....
There was a thread that talked about this not too long ago:
Offline wallet - USB key alternatives - security concerns