In theory, someone could use one of those cell towers that are meant to spy on people using the cell tower. (there is a thread in politics and society about this). The attacker could make it so your cell phone does not use encryption, requests a 2FA code th]ey know will be delivered to your phone and then intercept the code, and not deliver it to your phone. If they know your account credentials then they would have access to your account.
No they could not.
First, they could not disable encryption on your phone. They would require root access to do that.
Second, even if they did that they could not "intercept" your 2FA code. That 2FA code is not generated from a server somewhere to be intercepted, it is generated by your phone using a time based code.
Neil
From
this thread.Rather than offering you cellphone service, the towers appear to be connecting to nearby phones, bypassing their encryption, and either tapping calls or reading texts
If the tower does not accept encryption then encryption will not be used. This is similar to doing trades in the marketplace, if the seller does not accept escrow, then escrow will not be used, in the marketplace the buyer can simply decline the transaction, however cell phones are setup so that they will connect to the closest tower/tower with the strongest signal.
If the 2FA code was sent via text message, then the tower could read the unencrypted text message and not relay the message to the cell phone.
No, no, no, no. All misinformation.
The cell phone tower has absolutely nothing to do with your phone and it talking to an encrypted service, they cannot turn it off, it is all FUD!!
The 2FA code is not sent via sms (I know a few services do that, but this one, like most does not) and it cannot be intercepted.