You can buy a hardware keystroke recorder for a few bucks. Just plug it between keyboard and computer and it logs all inputs. Once they have the boot password (and maybe a bunch of others), installing malware and exfiltrating data is pretty straightforward. Doesn’t require a lick of IT knowledge either.

Bit more challenging on a laptop without external keyboard, but there are hardware solutions as well, though they’d require tinkering with your device.

Phones are harder to gain access to. Honestly if I wanted to get into your phone, I’d probably try to set up hidden cameras in spots where you are likely to enter your PIN (bed, toilet) somewhere under the ceiling and angled straight down. I’d probably try to switch the phone off as well any chance I got (long press the start button) so that you’d be forced to boot up and enter the PIN at any given opportunity to max my chances.

Actually hacking secure boot / accessing data from encrypted drives is beyond casual hackers, unless you don’t regularly update your devices and there are some active exploits published.

But seriously, low effort password sniffing is still the biggest vulnerability out there.