The research has its limitations: Now the attackers needs to know the inner workings of the algorithm they’re trying to fool. However, past research has been shown to work on black-box systems, or proprietary algorithms unknown to the attacker. Athalye says the team will pursue that area of research next.
Clever! Here's the paper by the way and here's the clever part:
If anyone here wants more explanation than just 'the algorithm is a mystery' and has an hour to spare, I really like 3Blue1Brown's explanation. It is a bit slow-paced but explaines the logic and intuition behind ML math without resorting to too many shortcuts. Here's all three videos.