Most surely the hack of the century.
Here is the actual paper as it seems to be missing from the article (wonder why...). And here is the pertinent paragraph:
1. Install a malicious iOS configuration profile. This is a native way to distribute a set of configuration settings like networking, security settings, root CAs, and more. A threat actor can craft a configuration profile that will install a root CA and route traffic through a VPN or a proxy to a malicious server, and then initiate a MitM attack. This configuration could be deployed using phishing attack.
So basically, they are using MDM maliciously. i.e. you trick a user into installing a malicious MDM Profile.
To do this on iOS, the user must tap install, then enter their passcode (cannot Touch ID). They then see a warning:
"Installing this profile will allow the administrator at (MDM server address) to remotely manage your iPhone. The administrator may collect personal data add/remove accounts and restrictions; list, install and manage apps; and remotely erase data on your phone."
...after which the user must again tap 'Install'. After tapping install, the user must agree to another dialog:
Do you trust this profile's source to enrol your iPhone into remote management?"
Presumably their 'attack' then involves distributing a CA cert to the device, then using that trust to install self-signed apps, along with possibly MITM the device using the CA cert and routing traffic through a proxy.