MITM isn’t common, but the big problem with SMS for 2FA is that mobile numbers are portable. If your number gets ported without your consent then your 2FA codes gets sent to a device you don’t control.[1] NIST stopped recommending SMS 2FA half a decade ago for this reason.[2]