As mentioned in the article/paper, this attack vector has been used before.
The AT+USBDEBUG command was used to unlock the Samsung S6 Dec 10, 2015.
Blog about this exploit back then: https://www.bloglovin.com/blogs/xda-developers-5233323/2015-...
Video of the unlock back then: https://twitter.com/rpaleari/status/674983960162787328/video...
The code published by FICS here: https://github.com/FICS/atcmd/blob/master/usbswitch/usbswitc...
is based off the same code from Dec 2015 here: https://github.com/ud2/advisories/blob/master/android/samsun...