No owner access to OTA, no integrated sat nav and now no aftermarket tow ball - now cars are computers on wheels, that’s the price to keep safe from hackers.

TOWING with any new Skoda now means accepting a factory- integrated install for the same reason owners are denied full access ‘over the air’ update opportunity for at least another year.

Ripple effect of cybersecurity regulations agreed by the European Union and the United Nations in mid-2024 is hitting our shores.

As modern vehicles rely increasingly on digital services, cloud systems and connected infrastructure, safeguarding these environments against cyber threats has become a top priority. 

Two areas of particular focus have been touched on by Skoda New Zealand when introducing two EVs, the all-new Elroq and an updated version of its big brother Enyaq.

The Czech element of the VW Group is the first maker to go public locally about challenges and concerns that it alone assuredly doesn’t face. This isn’t just a Skoda headache. These are issues increasingly inherited by many distributors, not least those selling European fare at the moment, but ultimately cars from other parts of the world seem set to also be drawn in.

With threat of vehicles being accessed or completely controlled for criminal intent, EU regulation now demands every new car sold there must come with a certificate confirming that it’s protected against 70 vulnerabilities – including cyber attacks – during development, production and post-production.

Risk of cars becoming subject to unauthorised access, data breaches and malicious control is all too real.

Weaknesses in electronic control units, Wi-Fi and Bluetooth connections … without proper defences, even tyre pressure monitoring systems and, yes, towing arrays can be conduits to cyberattacks.

It’s more than just potential for vehicle theft. Remote hijacking is a thing. Installing malware in a vehicle’s operating system and demanding payment for its removal is also a growing issue.

The rise of electric vehicles (EVs), autonomous driving systems, and OTA updates has simply elevated this problem.

So the war against hackers is one and, regardless NZ is a backwater in this, we have been pulled into the fight, As Skoda NZ general manager Alex Brown explains today. 

Costs and complexities make it easier for makers to put up a universal defence. In respect to Skoda, products coming here are to same standard as those built to withstand greatest threat.

This is why the tow bar provision has changed for all Skoda models out here. 

Until now, it’s been possible to fit a Skoda with an after market array, as above, in preference to the factory unit. No longer with latest fare. 

To undertake towing with a latest model, it needs to come with a fancy electric operated unit (below) that slings out a towing arm from a stowage point under the rear bumper.

The revision is all to do with the wiring integrations fotr towing arrays becoming a potential back door to baddies; Skoda’s factory wiring has prevention features included. Unfortunately, there’s a side effect. 

Historic Kiwi preference is for a one seven-eight inch tow ball; on metric conversion, 47mm. Fifty millimetres is the standard in Europe. Expert advice is that you should never use a metric coupling with an imperial tow ball or vice versa. 

Replacing the ball on the new array is not possible. It’s a single cast unit. Shaving off 3mm? It can be done and would seem a straightforward remedy to avoid having to junk trailer and caravan couplings, which are very often imperial. But will alteration raise warranty implication? 

As is, the factory fit-out will demand local alteration as it has a single safety chain anchor point, but now two are required. BMW addressed this same issue last year.

Protecting against nefarious outflow of information from your car is also why Skoda is being ultra-careful about allowing owners direct usage of functions that make it easier to bring it in.

That Skoda owners here have yet to get permissions to use OTA seems highly out of step with modern convention.

We’re now well used to enjoying an unrestricted connected environment that allows wireless updates for software and firmware for our personal devices.

With cars, provision for either software over-the-air (SOTA) or firmware over-the-air (FOTA) updates is widespread, but few brands allow owners direct access. 

Skoda has determined absolute data protection has to stand, not lest once upload available subscription features avail. Yes, it has encryption technologies designed to protect from data mining, but regional sign-off is a hard and fast policy to ensure absolute security for automatic payments.

The very last thing it wants, says Brown, is for an owner’s personal data or credit card details to fall into third party hands.

It’s not just for consumer ‘feel good’. There’s also the issue of litigation. Who is the blame if this happens. The owner? The brand?

Skoda’s belief is the better the cybersecurity, the stronger the consumers’ trust in it and the better the maker opportunity to deliver an array of autonomous and on-board digital services, including more advanced safety systems.

Ultimately, to achieve this level of access and convenience, data and cyber protection needs to be in place at every stage of a car’s design and production. Plus every market into which the car comes has to be studied extensively. 

That’s where NZ is still at. It seems to be a minefield through which Skoda intends to step with utmost caution, Brown indicates. NZ being so geographically far from their headquarters perhaps adds to the complexity. Plus, Skoda itself has only so many specialists to work on so many countries at any one time. 

Forensic examination has been long-winded and Skoda gaining full appreciation of our consumer protection laws is part of that, but Brown says it is unavoidable.

“In terms of the New Zealand consumer, we need to be absolutely confident that their financial data and their privacy data, which has inherent value unto itself, is not going to be at risk.”

The ideal is this could enact end of next year so as to synch with another necessary update. 

Crash test ratings now have a five year life. End of 2027 is when the current five star citation for Enyaq retires. Skoda intends to have the car re-tested and, as the process is tougher now than last time, the car will have to be prepared accordingly, likely as not that will involve some reprogramming. A synched update makes sense.

For now, the only way to secure an OTA is to get it done by a franchise dealership, as they alone they have accredited access to the Wifi link-up.

Where does it end? Potentially, it doesn’t. 

While cars out of Europe appear first affected, this is global drive. The United States and Asia are also undertaking stricter requirements for securing software, hardware, and vehicle communication layers. 

Says one expert publication, cybersecurity.com: “Compliance will no longer be optional — it will be the baseline for vehicle approval.”

With technology advancement continuing, the pressure is on. 

VW Group has invested hugely into vehicle-to-vehicle communication. Positives from data-sharing between cars are clear. 

Again ensuring the authenticity and immutability of that data is crucial. Blockchain technology is emerging as a powerful tool to verify data transactions, manage updates securely and prevent unauthorised code injection.

The need to get it right comes at a time when Skoda is growing rapidly. Last year it produced 1,065,000 cars worldwide, a year-on-year increase of 15 percent. In addition, it  built more than 329,000 battery systems for its electric and plug-in hybrid vehicles, as well as for other VW Group models, along with more than 1,030,000 transmissions and over 500,000 engines. 

At the Czech carmaker’s main plant in Mladá Boleslav, 605,600 Skoda vehicles rolled off the production line, a year-on year climb of 4.9 percent. Elroq production began a year ago; by December 31, 112,500 had been built. The larger Enyaq achieved just over 77,000 units. 

Those numbers, these challenges? There’s a lot on the line.

Last month Skoda announced a strategic collaboration with automotive cybersecurity firm Upstream to significantly strengthen the protection of its connected ecosystem.

The industry’s ultimate hope is Artificial Intelligence. The potential that AI will take a front seat in detecting and responding to cyber threats in real time seems unavoidable, cybersecurity.com recently explained.

Machine learning models are even now being embedded in vehicles to recognise unusual patterns, isolate threats instantly, and update defences proactively. These systems will learn from each attack attempt — evolving continuously to stay one step ahead of bad actors.

Car makers are also shifting to a “security by design” philosophy. Centralised software-defined vehicle architectures — like zonal control and integrated domain controllers — will replace older, fragmented designs. This transition simplifies cybersecurity implementation and ensures consistent protection across all vehicle functions.

Starting to wish we could go back to a simpler time, when cars were basically mechanical? 

Not going to happen. Electronics, remember, are essential for now mandated safety technologies. No car is without advanced emergency braking, driver drowsiness and attention sensing and few lack intelligent speed assistance.

These are intended to be standard on all new models from Europe so the EU can achieve its stated ambition of zero road deaths by 2050.