By setting up a fake AP, you can launch active attacks. Sure, people
won't get the right certificate -- and they're not going to notice,
especially if the (unencrypted) initial web splash page says something
like "For added security, all SSL connections from this hotspot will
use Starbucks-brand certificates. Please configure your browser to
accept them -- it will protect you from fraud."
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
I am very happy to agree with Steve. But I'd also like to add something.
Security does not have to be end-user based... risking the wrath of
Randy, let us hail Vietnam for a moment..
One of the technologies first employed in Vietnam (I may be wrong, my
history isn't that good) was that of tracking radiation, and
specifically, EM radiation by creating the first "smart bombs".
You could see this type of "physical" electronic warfare also employed
in Iraq with the US Gov't bombing the center of GSM-blocking signal
generators.
Locating where a transmission comes from, supposing it comes from a
centralized source, is rather easy.
Missiles for your local ISP to use? I find this rather amusing and a
clear path to take.
Locating these fake AP's will be easy, at least for the foreseeable
future until the Bad Guys start employing ANCIENT tricks to start
evading.... There are other risks and the future will show them as bad
or imperfect implementations and designs will show up... for now I don't
see anyone bothering beyond the goals of interest or fun. That will
change to profit very soon, though, as the technology takes off.
Gadi.