SMS is weak against state actors.<p>3G interception is not impossible but you have to ask yourself how many people in which economies and why you suffer the attack.<p>SMS in some economies with poor process can be subverted by requesting the mobile number be ported. This attack means they get your SMS message but also have to drain your funds or conduct the attack by intent before you can reverse the number port out or remove the 2FA via backup codes and redirect.<p>If you're being <i>targetted</i> then I suspect the risks are worse. But as a random threat? This feels below the noise threshold.<p>Overall SMS 2FA is better than simply using a password but worse than TOTP (in my opinion)