> IANAE, but is not the most common form of MFA the receipt of a second 'password' (authentication code) via cell phone? Could I not circumvent simply by stealing/cloning your phone?

Historically, yes. Although they didn't have to clone your phone. There are ways for them to hijack your SMS messages.
That is changing though. There are dedicated apps for MFA that are far more secure. Someone can still steal your actual phone and use it for the second factor, but it would have to be the actual device.
If you have the option to use MFA, always choose to do so. Do not use SMS or email to receive the codes unless there is no better option available.