It’s a gross approximation, but…

Your desktop or laptop computer is probably toast, your phone probably isn’t.

You shouldn’t live with someone you don’t trust.

Unlikely because computer science is not about cracking or security. It’s mostly maths and some programming.

One rule of thumb for cybersecurity is that if an attacker has physical control over your device for any period of time you should treat that device as if it is already compromised, because that is how generally easy it is to compromise something you have physical access to.

However, do you actually have reason to suspect your roommate of being an attacker? Just because they have a degree, a job, and maybe some level of skill doesn’t mean they have the motivation, lack of integrity, and criminal intent to actually carry out such an attack.

If you’re concerned about something like that, there are things you can do to mitigate risk, like setting start up passwords, using disk encryption, powering off devices you’re not actively using, and physically securing unattended devices. However, basically nothing you can reasonably do will stop a determined attacker if they live with you and thus have or can easily gain physical access to your devices.

Skill: probably

Interest: Probably not

Source: Around the turn of the millennium, I enjoyed remote snooping on other people’s PCs for a short while. It was short because the contents of the PC of the average person turned out to be mindnumbingly boring.

You can buy a hardware keystroke recorder for a few bucks. Just plug it between keyboard and computer and it logs all inputs. Once they have the boot password (and maybe a bunch of others), installing malware and exfiltrating data is pretty straightforward. Doesn’t require a lick of IT knowledge either.

Bit more challenging on a laptop without external keyboard, but there are hardware solutions as well, though they’d require tinkering with your device.

Phones are harder to gain access to. Honestly if I wanted to get into your phone, I’d probably try to set up hidden cameras in spots where you are likely to enter your PIN (bed, toilet) somewhere under the ceiling and angled straight down. I’d probably try to switch the phone off as well any chance I got (long press the start button) so that you’d be forced to boot up and enter the PIN at any given opportunity to max my chances.

Actually hacking secure boot / accessing data from encrypted drives is beyond casual hackers, unless you don’t regularly update your devices and there are some active exploits published.

But seriously, low effort password sniffing is still the biggest vulnerability out there.

Honestly, regardless of their education and experience, if you have this concern about a person, you should get a new roommate, assuming there’s more to your question than just a hypothetical.

All the time, there are shitty significant others who install a keylogger or screen recorder to monitor their spouse, because they’re fucked up. A lot of the time, they don’t have any technical background, and are the equivalent of script kiddies. They do this because they’re shitty people, not because they have a degree in computer science.

Given it’s illegal, it’s very unlikely. Why go through all the effort of getting a degree (and presumably a job in the relevant field) to risk losing it all and a criminal conviction to snoop on your roommate? If you’re that paranoid put BIOS passwords on your device and get a smart plug that’ll log whenever the device draws power.

I’d be more worried about phishing the lab PCs