Multiple posts covered a presentation at the CCC outlined how they could write programs onto flash memory like SD cards.
A quote from the ThreatPost article referenced below:
“In other words, the maker of these particular chips, and likely a whole slew of others, is not adequately securing the firmware update process.
From this point, the researchers reverse engineered the 8051 controller and managed to build new applications for the controller without access to the manufacturer’s documentation.”
This can present a new almost completely hidden storage area for secreting data into/out of secure locations.