VICE just revealed a 2FA hole you can drive a truck through. A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages. This new post in VICE is downright scary. Bank accounts that use SMS for 2FA could be taken over this way; "High Concept, Low Tech". I suggest you read the whole article which is 15 mins or more. Here is how they started:
"I didn't expect it to be that quick. While I was on a Google Hangouts call with a colleague, the hacker sent me screenshots of my Bumble and Postmates accounts, which he had broken into. Then he showed he had received texts that were meant for me that he had intercepted. Later he took over my WhatsApp account, too, and texted a friend pretending to be me.
"Looking down at my phone, there was no sign it had been hacked. I still had reception; the phone said I was still connected to the T-Mobile network. Nothing was unusual there. But the hacker had swiftly, stealthily, and largely effortlessly redirected my text messages to themselves. And all for just $16." Full article here. Yikes:
https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber
