I'm not quite sure what is so special here. It is a device, it has firmware, the firmware can be upgraded. The same is true for your HDD or SSD. Why is an SD Card any different?
If someone hands you an SSD in an external enclosure do you automatically suspect it too? A similar hack is known to work there, witness the number of SSDs that needed a firmware upgrade after their field release.
I do applaud the finding of how to do it and the proof that it really does work. It is a nice work in that regard and I have a few SD cards I'd be happy to hack their firmware for fun if nothing else (damn fake SDs, if they at least just advertised their real capacity they could at least be useful).
We always knew that the implementation of these devices incorporated a uC, simply because the way you interact with them (SPI or SDIO interface) involves a state machine that would take up lots of space or upgrade headaches to do in pure hardwired logic.
What a lot of us thought, however, is that the uC would be in the form of what's found in other single purpose devices with similar interfaces (e.g. temp/humidity sensors) : code exists in some ROM table whose mask is set in production.
Secondly, flash is a highly competitive product with narrow margins. Check out some other posts on his blog to get an idea, esp. the ones about the ghost runs.
It's only after you read up on the complexities of bad cell management in flash that you get a sense of this problem. And that it involves complex on-device logic. In the end, the devices (uC) become so high-spec that the firmware update feature is a no-brainer. Compare it to cell phones that increase in complexity until one day they're capable of running Linux, at which point a floodgate of possibilities opens up.
If someone hands you an SSD in an external enclosure do you automatically suspect it too? A similar hack is known to work there, witness the number of SSDs that needed a firmware upgrade after their field release.
I do applaud the finding of how to do it and the proof that it really does work. It is a nice work in that regard and I have a few SD cards I'd be happy to hack their firmware for fun if nothing else (damn fake SDs, if they at least just advertised their real capacity they could at least be useful).