Back in the day, before smart phones, the risk of being hacked rested
mainly with Windows PCs.
Received wisdom was that if you just connected a Windows PC (no anti-virus
or firewall) to an ADSL modem then it would be compromised within minutes
by automatic searches from the Internet.

This went away to a great extent with NAT routers which (generally) didn't
accept incoming calls (unless configured to) so attacks mainly switched to
phishing via dodgy URLs.

This seems to be much the same today, with the NAT router being quite a
good first line of defence. Assuming remote management etc. has been
turned off.

However now we have Android/Apple/whatever mobile phones which connect
through the mobile provider to the Internet.
They don't seem to be vulnerable to the types of network based attacks
that used to compromise PCs (and now compromise IoT devices).
Is that because they aren't set up to receive incoming calls?
Something better/different?

Just thinking about this today because of a Which? article saying you are
vulnerable if your phone stops updating the OS.
I have always run Android phones well past their end of OS support and
haven't noticed any issues (but then again would I?).

What is the major difference?

Cheers

Dave R

--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64

--
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

David wrote:

> However now we have Android/Apple/whatever mobile phones which connect
> through the mobile provider to the Internet.
> They don't seem to be vulnerable to the types of network based attacks
> that used to compromise PCs (and now compromise IoT devices).
> Is that because they aren't set up to receive incoming calls?

Generally, unless you pay extra for a SIM/contract that *doesn't* give
you CGNAT, then you'll get an IP addr that's not reachable for incoming
connections ...