It depends on the skill of the hacker if you ask me. I mean, it's definitely possible to do, but very, very hard. SMS, despite contrary belief, IS safe for authentication..