The bigger problem for SMS-based 2FA are social engineering attacks on the support personnel of mobile network operators. They typically don't have fancy authentication schemes - it's fairly easy to get them to redirect messages to a different SIM or something like that.