Government agencies like the NSA already know how to do this.
The usual firmware update happens over the regular SATA interface, and is also controlled by the firmware itself; however, there is a "factory mode" that requires physical access and is always available - it's how the initial firmware is loaded - so even if you use firmware that doesn't allow updating via regular means, you can still update it if you really need to. The factory mode might be via JTAG, or require a specific voltage on a pin upon reset to enable, and that's something that no malware can silently do...
I wonder if OCZ might've not suffered the same fate had they open-sourced their SSD firmware after they bought Indilinx, since one of the biggest problems they had was firmware bugs.