Impersonate popular home devices on public wifi networks, or on the Internet. Exploit that "push the button on the router to allow this device to join" thing that was popular (but vulnerable) a few years ago. Subvert an insecure IoT device on the target's network. Attack from their friend's compromised device when they connect to the target's wifi, or just use their credentials. Splice into ethernet cable where it runs through a maintenance floor or a cabinet on the outside of the building. Once you're on the network either ARP spoof or just register with the router under the same name (perhaps after DoSing the legitimate device).
The network is not completely public, but even a home user's network is too weakly defended to just blindly trust any device connected to it.
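Added example, not part of the original comment: a defender-side, trust-on-first-use check that flags the two on-network moves mentioned above, an IP address answering from a new MAC (ARP spoofing) and a known device name registering from a new MAC. The observation tuple format, the function name and all sample values are constructed for illustration.

```python
# Constructed sample observations: (time, source, ip, mac, hostname).
# "dhcp" = a lease the router handed out, "arp" = an ARP reply seen on the LAN.
OBSERVATIONS = [
    (100, "dhcp", "192.168.1.20", "aa:bb:cc:00:00:01", "living-room-tv"),
    (105, "dhcp", "192.168.1.21", "aa:bb:cc:00:00:02", "printer"),
    (110, "arp",  "192.168.1.1",  "aa:bb:cc:00:00:fe", None),
    (300, "arp",  "192.168.1.1",  "DE:AD:BE:EF:00:09", None),       # gateway IP on a new MAC
    (320, "dhcp", "192.168.1.37", "de:ad:be:ef:00:09", "printer"),  # known name, new MAC
    (330, "arp",  "192.168.1.20", "aa:bb:cc:00:00:01", None),       # unchanged binding
]


def find_identity_conflicts(observations):
    """Flag any IP or hostname claimed by a MAC other than the first one seen for it."""
    first_mac = {}  # ("ip" | "name", value) -> MAC first observed for that identity
    alerts = []
    for ts, source, ip, mac, hostname in sorted(observations, key=lambda o: o[0]):
        mac = mac.lower()
        identities = [("ip", ip)]
        if hostname:
            identities.append(("name", hostname.lower()))
        for kind, value in identities:
            known = first_mac.setdefault((kind, value), mac)
            if known != mac:
                alerts.append({
                    "time": ts,
                    "source": source,
                    "kind": kind,
                    "value": value,
                    "expected_mac": known,
                    "seen_mac": mac,
                })
    return alerts


if __name__ == "__main__":
    for alert in find_identity_conflicts(OBSERVATIONS):
        print("{time}: {kind} {value} moved from {expected_mac} to {seen_mac} "
              "(seen via {source})".format(**alert))
```

A MAC address can itself be copied, and DHCP legitimately reassigns addresses, so alerts need review and a clean result does not prove that a device is the one it claims to be.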