SMS is bad for 2FA not because it can be spoofed, bit because of SIM-swapping attacks that let the attacker trivially take your 2FA codes from you---gaining access to your protected accounts while you're locked out. NIST recommended against using SMS for this reason in summer 2016.