Claude Code handled SMS 2FA by controlling an Android phone

Claude Code can automate many account tasks in a browser, but SMS 2FA can stop the workflow when a site sends a six-digit code to a phone. In this setup, connected the phone and PC over home Wi-Fi. Claude Code could wake the phone, unlock it, read the screen, tap through apps, and find the new SMS code.

In a real insurance portal run, it reached the text-code step, switched to the phone, read the code, entered it in the browser, and continued into the account. It then compared an insurance renewal with an , found the renewal was about 25% higher than the saved number, and drafted an email to the insurance agent. The main change was that the SMS code became one step in the automation instead of a manual handoff.

The risk showed up during a simple spam-text cleanup test: one early filter was too broad and caught a few real messages too.

Key points

  • Claude Code used an Android phone to get past an SMS 2FA step during .
  • linked the phone and PC over home Wi-Fi.
  • In an insurance portal, it read the SMS code, entered it, compared renewal numbers, and drafted an agent email.
  • The renewal was about 25% higher than the number in the .
  • A spam-text cleanup test exposed the danger of broad filters catching real messages.
Read original