The reason I ask is that I've suddenly gotten 42 calls from different states in the past 2 hours (up from the usual 1-2 spam calls per week). These are extra weird because they often don't wait more than a second before hanging up and calling again, which makes it feel like they're trying to brute-force something. They also sometimes-but-not-usually call from the same number multiple times in a row, which is unusual for spammers.
Part of me wants to answer one of them just to see if it is a garden-variety scammer, but I'm also pretty sketched-out. I wonder if it has to do with the "Zoom Bombing" or related activities.
Any info is appreciated.
1. If you've enabled voice verification on a service, like your bank account, recordings of your voice or AI generated recordings (based on you saying Hello, Yes, No, etc.) could be used to attempt to access those records. Even if you don't hear a lot about that today, I believe it's coming as a threat vector and will be more frequent.
2. I have a good friend whose family was scammed out of several thousand by one of those "Your child has been kidnapped" type scams. Allowing people who aren't authorized to call you enables these types of interactions. What happens further down the line when AIs are able to imitate the voices of your loved ones?
Some would see these comments as over-reacting which I totally understand. I'm just pointing out that there are potential threats, and not assigning any probabilities to them.
I do run a spam blocking app called CallStop that can try, it might solve your problem: https://apps.apple.com/us/app/callstop-call-manager/id145589...
It requires unknown callers to send you a whitelist request or enter a PIN to call you.
Modern mobile phones do send/receive call data in a digital format (albeit over an analogue transmission medium), so there is theoretically the potential for deserialisation vulnerabilities, buffer overflows, etc.
I'm not an expert in mobile telephony protocols, however my current understanding is that RCE/crashing a mobile device just by calling it using a standard phone line is extremely unlikely, but not impossible.
However, for desktop phone equipment (think office IP phones), the attack surface is significantly larger and there have been numerous proven attacks and against them, but these (almost always) require access to the phone via an IP network, rather than a traditional phone line.
Other 'calling' apps such as WhatsApp or Skype are a completely different question, as you've already noted.
If you're not a high-value target, I'd say that it's not a risk to be concerned about individually. Just keep your phone patched and follow other general best-practises.
In the event that a major vulnerability via phone call was discovered, it would most likely either be used in targeted attacks against high value individuals, or it'd be used in large scale 'annoyances', e.g. by teenagers pranking their friends.
As for your actual question, the repeated scam calls were most likely a broken automation system (as @lima said), or just a nasty scammer that really wanted you to answer.
As a side note, this article [1] by Google Project Zero goes into quite some detail about the fully remote/unattended attack vectors present on an iPhone. Though not directly related to your question, it's a very interesting read.
[1] https://googleprojectzero.blogspot.com/2019/08/the-fully-rem...