My first thought was that if it was a default image it would be a sign that you were vulnerable to Reaver attacks. That got me thinking... How about assigning it the function of LAUNCHING Reaver. Turn it on its head and use it to our advantage. It would obviously have to write to files for later use but that's the nice thing about Reaver and WPS vulns. Once you have that back door you're golden. Yes, we could just have it launch via gui or ssh but that's not as amusing.