by neuralzen
2176 days ago
The thing to be wary of here is knowing which platform should be used, on a given site. These devices are to establish strict lines of trust, but not all those who use them are technically proficient, so a MitM that downgrades the authenticator from "platform" to "cross-platform" (or roaming) can alter the registration process such that what should have had a biometric tie now just has a PIN (or no PIN depending). This attack depends on how the vendor is managing AAGUIDs and Attestation Certificates, but a lot simply don't.

You're proposing a TLS MitM (maybe plausible in a corporate environment that has this configured anyway) which downgrades the authenticator enrolment to have less protections, and then passing the resulting credentials to the real backend which will assume it has two factors without checking?
And later you steal the device so you can now use it without an additional factor because it wasn't enrolled using multi-factor anyway.
This would work as an element of the over-complicated schemes in an Ocean's movie, but it doesn't feel very plausible in the real world. The skill sets to "Steal someone's iPhone" and "Obtain fraudulent Web PKI certs" don't overlap very much and this attack doesn't scale so it would need to be targeted.
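A relying-party-side check of the kind neuralzen describes, added here as an example (not code from either commenter): it parses the registration's WebAuthn authenticatorData and refuses enrolments whose AAGUID is not on a platform-authenticator allow-list or whose user-verification flag is clear, which is what a downgraded enrolment would look like to the backend. The AAGUID, rp id and credential id are constructed values; verifying the attestation statement's signature and certificate chain, which is what makes the AAGUID trustworthy, is assumed to happen in a separate step.

```python
import hashlib
import struct

# Constructed AAGUID for this example; a real allow-list is built from vendor
# FIDO metadata, and the AAGUID is only trustworthy once the attestation
# statement's signature and certificate chain have been verified (not shown).
ALLOWED_PLATFORM_AAGUIDS = {bytes.fromhex("0123456789abcdef0123456789abcdef"): "example-platform"}

FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified: biometric or PIN checked on the authenticator
FLAG_AT = 0x40  # attested credential data (AAGUID + credential id) present


def parse_authenticator_data(data: bytes) -> dict:
    """Parse the fixed authenticatorData layout: rpIdHash | flags | signCount | attestedCredentialData."""
    if len(data) < 37:
        raise ValueError("authenticatorData too short")
    out = {"rp_id_hash": data[:32], "flags": data[32],
           "sign_count": struct.unpack(">I", data[33:37])[0], "aaguid": None, "credential_id": None}
    if out["flags"] & FLAG_AT:
        if len(data) < 55:
            raise ValueError("attested credential data truncated")
        out["aaguid"] = data[37:53]
        cred_len = struct.unpack(">H", data[53:55])[0]
        out["credential_id"] = data[55:55 + cred_len]
        if len(out["credential_id"]) != cred_len:
            raise ValueError("credential id truncated")
    return out


def registration_policy_ok(data: bytes, rp_id: str) -> tuple[bool, str]:
    """Accept an enrolment only from an allow-listed platform authenticator with user verification."""
    ad = parse_authenticator_data(data)
    if ad["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash mismatch"
    if ad["aaguid"] is None:
        return False, "no attested credential data"
    if ad["aaguid"] not in ALLOWED_PLATFORM_AAGUIDS:
        return False, "AAGUID not on platform allow-list (roaming or downgraded authenticator)"
    if not ad["flags"] & FLAG_UV:
        return False, "UV flag clear: no biometric or PIN was enforced"
    return True, ALLOWED_PLATFORM_AAGUIDS[ad["aaguid"]]


def build_sample(rp_id: str, flags: int, aaguid: bytes, cred_id: bytes = b"\x11" * 16) -> bytes:
    """Constructed authenticatorData for testing; the COSE key is omitted because the policy check never reads it."""
    return (hashlib.sha256(rp_id.encode()).digest() + bytes([flags | FLAG_AT]) + struct.pack(">I", 0)
            + aaguid + struct.pack(">H", len(cred_id)) + cred_id)
```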