How do they get in?

Through physical access (“I just needed to check your texts”), sneaky features like cloud syncing, or techy tricks like spying on your Wi-Fi. Some methods are digital. Others are emotional.

So how does the digital mischief actually begin? Not through black-hooded hackers and Hollywood code storms, but through everyday doors left ajar—some of them kindly labelled “family features.”

Attack vectors are simply the ways someone gains access to your devices, accounts, or information. It’s not always obvious. Sometimes it doesn’t even look like “abuse.” But the outcome is the same: control through visibility.

Here’s how it usually starts.

Physical access

Let’s begin with the obvious: if they can get their hands on your phone or laptop, they can do a lot. Installing monitoring apps takes less than five minutes. Some are hidden so well they don’t show up on the screen at all. Sometimes the access is old news—perhaps they helped you set up the phone, or gave it to you in the first place.

Other times, it’s more casual: “You left your phone on the table again.”, or “Your screen was unlocked—I thought I saw a message for me.”

Even brief access, repeated over time, can open the door to long-term surveillance. Devices with weak or no screen locks are especially vulnerable. So are “shared” tablets or computers where accounts are never really signed out.

Social engineering

No software needed—just persuasion, pressure, or plain emotional manipulation.

“Why don’t you trust me?”, or “You’d tell me your password if you had nothing to hide.”, “This is just so I can help you if something happens.”

Also common: the use of children as leverage (“It’s for their safety”), appeals to practicality (“We need to share calendars for logistics”), or claiming forgetfulness (“I lost access again—just text me your code real quick”).

This isn’t hacking in the traditional sense—it’s trust, bent out of shape. It works because it’s human, not technical.

Network exploitation

Sharing a Wi-Fi connection? Using a router they installed? That can give them a backstage pass to your internet activity.

With a bit of knowledge—or a friend who knows what they’re doing—they can see which devices are connected, when you’re online, and even capture unencrypted traffic. In 2025, some smart routers come with apps that monitor every connected device by default.

Public or shared networks (e.g., university halls, cafes, or family homes) also carry risk. A determined person could set up a fake network that looks familiar, tricking your device into connecting automatically. That’s called a “man-in-the-middle” (MITM) attack—not quite as dramatic as it sounds, but still dangerous.

Cloud syncing abuse

Here’s where things get slippery. Services like iCloud, Google Drive, Dropbox, and OneDrive automatically back up photos, messages, documents, and more. Very handy—until someone else has access.

If you share an account (or once did), they may still be able to see synced content long after the relationship ends. This includes things like:

  • Location history and device tracking (via “Find My” or Google Location Timeline)
  • Auto-uploaded media from your phone’s camera roll
  • Contacts, calendars, even saved passwords

Cloud systems aren’t built for safety from people you know. Disabling access can be tricky, and logs showing who looked at your data are often nonexistent.

Legacy technology

A lot of older tech simply isn’t designed with today’s threats in mind. That includes:

  • Outdated phones and tablets no longer receiving security updates
  • Old routers with default logins still set to “admin / admin”
  • Smart TVs or wearables that leak data to whoever’s nearby with a sniffer tool

Sometimes these hand-me-downs are gifted with good intentions. Sometimes they’re handed over with a very different purpose. If someone insists you use their old device—even when it’s glitchy, slow, or full of “useful apps”—it’s worth taking a second look.

Legal loopholes & “family sharing” features

Many mainstream services make it remarkably easy to “share” everything with another person, assuming they’re a loving parent or spouse. This includes:

  • Amazon Household (shared purchases, device access)
  • Apple Family Sharing (location, app control, screen time reports)
  • Google Family Link (remote phone monitoring, app approvals)

These features are pitched as helpful. And they are—when used fairly. But they’re built on the idea that people who live together trust each other. That’s not always the case. Once set up, many of these tools don’t require ongoing consent to keep working, and disabling them can be confusing or alert the other person.

Some even appear under innocent labels like “Digital Wellbeing” or “Parental Controls.” But when repurposed, they become subtle surveillance tools—quiet, persistent, and hard to explain to customer support.

A word on this section

None of these vectors are sci-fi. They’re common, often invisible, and sometimes even look like kindness at first. But when viewed together—with intent—they form the skeleton of a surveillance system most businesses would envy.

The good news?

Once you recognise the doorways, you can start closing them. One at a time.