by tialaramex 2183 days ago
This seems like a pretty complicated attack with relatively low value, but maybe I don't understand something important. So let me run it back by my understanding.

You're proposing a TLS MitM (maybe plausible in a corporate environment that has this configured anyway) which downgrades the authenticator enrolment to have less protections, and then passing the resulting credentials to the real backend which will assume it has two factors without checking?

And later you steal the device so you can now use it without an additional factor because it wasn't enrolled using multi-factor anyway.

This would work as an element of the over-complicated schemes in an Ocean's movie, but it doesn't feel very plausible in the real world. The skill sets to "Steal someone's iPhone" and "Obtain fraudulent Web PKI certs" don't overlap very much, and this attack doesn't scale, so it would need to be targeted.