Hard disks: if you read this, it's pretty much certain you use one or more of the things. They're pretty simple: they basically present a bunch of 512-byte sectors, numbered by an increasing address, also known as the LBA or Logical Block Address. The PC the HD is connected to can read or write data to and from these sectors. Usually, a file system is used that abstracts all those sectors to files and folders.

If you look at an HD from that naive standpoint, you would think the hardware should be pretty simple: all you need is something that connects to a SATA-port which can then position the read/write-head and read or write data from or to the platters. But maybe more is involved: don't hard disks also handle bad block management and SMART attributes, and don't they usually have some cache they must somehow manage?

All that implies there's some intelligence in an hard disk, and intelligence usually implies hackability.

Hardware vendors like to add Unique Selling Points to their devices to convince you to buy them instead of someone else's. Of course, this typically leads to hardware vendors desperately copying each other's Unique Selling Points in a process eerily reminiscent of evolution's Red Queen Effect, all desperately trying to run faster than each other in order to stay in the same place. Putting effort into standardisation would risk them falling behind vendors who choose not to, so in the absence of some external force to compel them, vendor-specific solutions proliferate.

Some SD cards contain vulnerabilities that allow arbitrary code execution — on the memory card itself. On the dark side, code execution on the memory card enables a class of MITM (man-in-the-middle) attacks, where the card seems to be behaving one way, but in fact it does something else. On the light side, it also enables the possibility for hardware enthusiasts to gain access to a very cheap and ubiquitous source of microcontrollers.