In Cisco's defence...
...there’s a reason OTAP is off by default, doesn’t work on brand-new APs, and doesn’t work on APs that are already associated with a controller!
Any ‘stolen’ APs would be flagged as missing on the corporate WCS and would then be detected as a Rogue AP by WCS / WLC / MSE (WIPS), and if the corporation has set up the network / WCS properly, the system will flag the exact switch and switchport the Rogue is connected to, allowing the switchport to be shut down and also allowing WiFi Containment to be launched too. Failing all of that, this is also why users should use mutual-authentication methods like PEAP (done properly!), EAP-TLS & EAP-FAST; if mutual authentication is enforced then the clients won’t join the Stolen AP, even if it is spoofing the ESSID.
Also, I quite like the way they can write a whole page of scaremongering but admit they’ve not actually found a way of implementing the exploit :o)
Anyway, just my 2p… It’s an interesting approach, but ultimately this shouldn’t pose any 'real' problems unless the network & clients are set up poorly.
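Added example (editor's, not part of the comment above or of any Cisco/WCS tooling): what "PEAP done properly" means on the client side is that the supplicant validates the RADIUS server's certificate chain *and* its identity, so a rogue AP that spoofs the ESSID and runs its own RADIUS server fails phase 1 and never sees an MSCHAPv2 exchange. The script below lints wpa_supplicant `network={...}` blocks for exactly those settings. The two profiles in `SAMPLE_CONFIG` are constructed for this example; the `corp.example` hostnames, CA path and credentials are hypothetical, and the field names (`ca_cert`, `domain_suffix_match`, `anonymous_identity`, ...) are standard wpa_supplicant options.

```python
"""Lint wpa_supplicant 802.1X profiles for settings that let a rogue AP
(spoofed ESSID + attacker-controlled RADIUS server) complete PEAP/TTLS
phase 1 and harvest or relay the inner credential exchange."""
import re

# Constructed sample config for this example: two PEAP profiles for the same
# ESSID. The first trusts any server certificate; the second pins the corporate
# CA, checks the server name and hides the real username in phase 1.
SAMPLE_CONFIG = """
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="hunter2"
    phase2="auth=MSCHAPV2"
}

network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    anonymous_identity="anonymous@corp.example"
    password="hunter2"
    ca_cert="/etc/ssl/certs/corp-root-ca.pem"
    domain_suffix_match="radius.corp.example"
    phase2="auth=MSCHAPV2"
}
"""

BLOCK_RE = re.compile(r"network=\{(.*?)\}", re.S)
# key=value or key="value"; values may themselves contain '=' (e.g. phase2).
KV_RE = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=\s*"?([^"\n]*)"?\s*$', re.M)

EAP_KEY_MGMT = ("WPA-EAP", "WPA-EAP-SHA256", "WPA-EAP-SUITE-B-192")
IDENTITY_CHECKS = ("domain_suffix_match", "domain_match",
                   "subject_match", "altsubject_match")


def parse_networks(text):
    """Return one dict of key/value options per network={...} block."""
    return [dict(KV_RE.findall(body)) for body in BLOCK_RE.findall(text)]


def lint_network(net):
    """Return a list of findings for one profile; an empty list means the
    profile enforces server authentication (mutual auth) as the text demands."""
    findings = []
    if net.get("key_mgmt", "") not in EAP_KEY_MGMT:
        return findings  # PSK / open network: 802.1X checks do not apply
    eap = net.get("eap", "")
    if eap not in ("PEAP", "TLS", "TTLS", "FAST"):
        findings.append(f"unexpected EAP method {eap!r}")
    if "ca_cert" not in net:
        findings.append("no ca_cert: any server certificate is accepted, "
                        "so a rogue RADIUS server passes phase 1")
    if not any(k in net for k in IDENTITY_CHECKS):
        findings.append("no server identity check (domain_suffix_match etc.): "
                        "any cert chaining to the trusted CA is accepted")
    if eap in ("PEAP", "TTLS") and "anonymous_identity" not in net:
        findings.append("no anonymous_identity: real username is sent in the "
                        "clear in the outer EAP-Identity response")
    return findings


def lint_config(text):
    """Lint every profile in a config; returns [(ssid, findings), ...]."""
    return [(net.get("ssid", "?"), lint_network(net)) for net in parse_networks(text)]


if __name__ == "__main__":
    for ssid, findings in lint_config(SAMPLE_CONFIG):
        status = "OK" if not findings else "WEAK"
        print(f"{ssid}: {status}")
        for f in findings:
            print(f"  - {f}")
```

The first profile fails on all three points and would happily negotiate PEAP with whatever RADIUS server sits behind a stolen or spoofed AP; the second refuses unless the server presents a certificate from the pinned CA with a name under `radius.corp.example`. The same three checks translate directly to Windows/NPS client policy (validate server certificate, specify the server name, use identity privacy).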