SMS's susceptibility to attacks is well understood and it should therefore not be considered a secure method for two-factor authentication. This is especially the case when dealing with sophisticated or well-funded attackers that may infiltrate or control carrier networks. Routing calls to third-party carriers is an important feature to enable roaming of mobile devices. However, since no secure verification takes place between the device and its home carrier to verify that it has signed on to a roaming partner's network, roaming partners (or an attacker with access to their network) can re-route calls and text messages, broadening the attack surface for text messages far beyond the home carrier. This incident is an example of how this weakness can be abused for targeted attacks by a sophisticated actor.  Read Less