[bjornsing]

Or setup an exact replica of the targeted device's (WPA-protected) home AP, and then tunnel the raw encrypted 802.11 frames back to that AP over the Internet. Ta-da - your target now has absolutely seamless remote access to their own home Wi-Fi, with mutual authentication and end-to-end hardware accelerated AES encryption. :P

Only "drawback" (if you're of a malicious nature) is that you can't do any evil. The only thing you'll see is the raw encrypted Wi-Fi traffic, flowing straight through your "rogue AP" and into the Wi-Fi over IP tunnel. :)

Disclaimer: That's what http://anyfi.net does and I'm on the team that built it.