Before we added the ability to remove the microSD, it was also possible to store key material on the memory card if malicious software was in play. We’re thinking through if/how this should be addressed, possibly by creating a feature to permanently overwrite user-accessible OTP registers. But it’s important for people to understand this attack is only possible when a user runs a maliciously altered operating image.

Some additional thoughts: (1) if you run malicious software, malicious things can happen, which is why it’s so important to go through the recommended verification steps for any software that you use; (2) this kind of attack requires an adversary to either deceive a user into running malicious code, or somehow know they are running malicious code, wait for the user to access keys, and then acquire the victim’s device to retrieve key material — a relatively high bar when other exploits (wrench attack, etc.) are easier to execute.

But as I said, we’re considering if/how to best mitigate this.
