The real problem isn’t the weakness of SMS. Instead of SMS, you could use a pre-printed list of one-time passwords securely delivered to you and it will have the same problem.
The problem is that the authentication isn’t performed by two factors (something you know and something you have) but by two steps, both involving the same factor something you know, just obtained by different means.
However as you can see in the picture, there was no way for that person to know whether or not he was who was claiming to be. It could have been hacking into one of his/her accounts and he/she would not have known anyways.
Theoretically, this social method will not work for the most major account (icloud, appleid, FB, Google, Twitter etc) as they usually identify themselves and the victim would realize.
![[HACK] The Sims™ FreePlay (All Versions)](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi84vkcDA19VIaRbBJHzd-Vz4MFICYtnVHRsDpAxCumDmwG3CMqufFWTdG0gP2h2VY0N76k71YhA10yYJaGQuZq64ZmFXLVgpsY9cfoHyVlWdo6FlyjDUjFjxf9osFWMt-7PYVuQ1qn0os/s72-c/candycrush.jpg)
![[HACK] Angry Birds Go! v1.3.2 (All Versions)](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5powK_9ZVi4t_WlkGoCSqkyfg2BwE5LDNotZkKOhDglVhcgxb5-F98c6aGCy8QGTtuXekDdb1BrarAWYCMZNsOPi5p6CCz-YA5rHC20zWhdS3h-cAOUIx6BJ0wPwwTiWxdElMi1fzzdk/s72-c/screen568x568-422.jpeg)
![[HACK] Small&Furious v1.6](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZFATOG3YgKP2Yofodfp1n6cdhD2gr16993NC-ISZoxBcywnaX5X_whDozSLl27sEeKKDuEMZy7z5FjXlx-7RJ-AOR8GBlERRlbM_HaSkBJ4JqgxkBoNa2jDt3WW3-x4nO11UOnSGF9WQ/s72-c/image.jpg)