Without a key, your adversary knows just as much as you do. This means that, if you can extract the message, so can he. As such, relying on steganography without a key is security through obscurity, which is bad. It may be sufficient for getting around simple, automated censorship, but that's it.
Secure steganography requires a key. If you want to hide the fact that a message, encrypted or not, even exists (which is kind of the point), you also need to know the distribution of natural noise and use a function that can transform your ciphertext into something indistinguishable from the noise. If that is done, then it's not possible to distinguish natural noise from noise hiding information. It is extremely important, however, that your model of the noise of the system is not less accurate than that of your adversary, which could result in your adversary determining that a hidden message is present.
If you can determine the noise floor and the distribution of the noise (and you know what noise is truly random), you can start modifying the noise in a way that makes it impossible to positively identify the presence of a message. This can apply to images, audio, or even radio signals. Anything with a noise floor that contains at least some randomness that cannot be predicted (even if the distribution is not uniform) is subject to message hiding via steganography.
The arms race between evasion and detection (steganography and steganalysis) is not cryptographic in nature. It is purely about the enhancing the quality of the model of the system's noise. If your model is perfect, then it is actually impossible to detect the hidden message without breaking the underlying cryptography. In the real world, models only get better, so you're typically stuck with the reasonable assumption that your adversary's model is always going to be a bit better. In that case, you have to live with the fact that the most he can do in typical circumstances is assign a probability that a given message contains a hidden message. You can only make sure the probability is low enough.