You could, the SS7 network is an very insecure one. Once you are added as a trusted node you could spoof an active phone to get the SMS message.
Thing is, it doesn’t give you the username or password. Some recent hacks also involved attackers who just spammed admin their MFA (app) until they accepted.
In a certain way SMS is safer because this attack is not possible via SMS.
Latest Answers