During my normal, everyday, perusal of information security topics I happened to come across some of David Maynor's previous research when he used to work for ISS:
"You Are The Trojan" - Toorcon 2005 - Presentation Link
In the above presentation David show us how you can take advantage of reverse DMA mapping to execute exploits via the USB bus. At a more recent conference, Shmoocon 2006, this concept was further explored in:
"Cardbus Bus-Mastering: 0wning the Laptop " by David Hulton (Unfortunately, no presentation or video has been posted).
I won't speculate, okay so maybe I will. Could they be using similar techniques to achieve 0wnage with wireless drivers? If so, how do you prevent this?
It also looks as though Johnny "cache" has done some very interesting research as well:
"802.11 Wireless VLANs" - Toorcon 2005 - Presentation Link
It most likely is unrelated, but is interesting none the less.