Can a device support TLS over the raw TCP protocol that all these tracking devices use?
I haven't heard about any device that supports TLS over TCP. There are some devices out there that support their own custom encryption.
Hmm, then at best it's good for reporting data only and I would be hesitant to get a tracker that has the ability to remotely start/stop a vehicle. How concerned should I be of this? Are these attacks trivial to make given that this project already has the logic to parse so many different protocols? I'm sorry if the questions seems unwarranted, I'm just trying to understand what I'm exposing myself to if the attacks could be done with minimal effort aka script kiddy friendly?
It's very unlikely that someone would be able to hijack the connection. Also, encryption won't really help either with the problem that you are describing. Only if device has a certificate validation with trusted root CAs it would prevent it.
Ah yes, if the device supports TLS then the manufacturer should also ensure that the device supports certificate validation as well. Thanks.
Isn't this a major cause of concern for a user as it would be easy to have a MITM attack? I'm trying to find a device that supports TLS over their raw TCP protocol but most of the manufacturer's documentation I've read does not talk about it at all.