Claude Code handled SMS 2FA by controlling an Android phone
Claude Code can automate many account tasks in a browser, but SMS 2FA can stop the workflow when a site sends a six-digit code to a phone. In this setup, connected the phone and PC over home Wi-Fi. Claude Code could wake the phone, unlock it, read the screen, tap through apps, and find the new SMS code.
In a real insurance portal run, it reached the text-code step, switched to the phone, read the code, entered it in the browser, and continued into the account. It then compared an insurance renewal with an , found the renewal was about 25% higher than the saved number, and drafted an email to the insurance agent. The main change was that the SMS code became one step in the automation instead of a manual handoff.
The risk showed up during a simple spam-text cleanup test: one early filter was too broad and caught a few real messages too.
Key points
- Claude Code used an Android phone to get past an SMS 2FA step during .
- linked the phone and PC over home Wi-Fi.
- In an insurance portal, it read the SMS code, entered it, compared renewal numbers, and drafted an agent email.
- The renewal was about 25% higher than the number in the .
- A spam-text cleanup test exposed the danger of broad filters catching real messages.