NHTSA ID Number: 10165250
Manufacturer Communication Number: M650219
TSB/Document Date: 2019-09-23
Summary
SECURITY IMPROVEMENTS FOR HEAD UNITS. Security patches for non-safety critical vulnerabilities in MINI
head units Entry Nav Entry Media NBT and NBT EVO.
9/4/2019
65 02 19_SECURITY IMPROVEMENTS FOR HEAD UNITS
SIM 65 02 19
SECURITY IMPROVEMENTS FOR HEAD UNITS
2019-08-28
MODEL
F54 (MINI Clubman)
F55 (MINI Hardtop 4
Door)
F56 (MINI Hardtop 2
Door)
F57 (MINI Convertible)
F60 (MINI Countryman)
Only Model Years 2014 to 2018 are affected.
SITUATION
Security vulnerabilities in MINI infotainment control units have been identified in vehicles equipped with ID4
(either Entry Nav, Entry Media, or NBT) and ID5/ID6 (NBT EVO) head units.
Note: Entry EVO Nav or Entry EVO Media are not affected.
CAUSE
A Chinese cybersecurity research team Tencent Keen Security Lab (“Tencent”) examined various MINI
models for potential security vulnerabilities from January 2017 to February 2018. They identified and informed
the BMW Group of total of 14 vulnerabilities, five of them remotely via a mobile communications base station
that was set up specifically for the research work.
MINI vehicles are not affected by these remotely exploitable vulnerabilities, but by other vulnerabilities
requiring an attacker to have physical access to a vehicle.
In addition to the measures already implemented via the ConnectedDrive back end, a software update is
available depending on the head unit generation.
CORRECTION
Check and update head unit software
Install KISU update (Customer Initiated Software Update) depending on the head unit installed as
outlined in the procedure below
A Question & Answer document is attached.
PROCEDURE
Review and perform this procedure only on vehicles equipped with ID4 (either Entry Nav, Entry Media, or
NBT) and ID5/ID6 (NBT EVO) head units.
1. Check the I-level of the vehicle (AIR, Key read or Remote Key Read). Make note of the I-level.
2. Perform a vehicle test with ISTA. Once the vehicle test is performed, hover your mouse pointer
over the head unit as shown below. This provides the following details:
Copyright ©2019 MINI USA, a division of BMW of North America, LLC. All Rights Reserved
1/6
9/4/2019
65 02 19_SECURITY IMPROVEMENTS FOR HEAD UNITS
a. The head unit variant installed in the vehicle (arrow)
b. The HWEL (hardware electronics) number.
If the vehicle is equipped with an RSE (Rear Seat Entertainment), also check the last numbers
starting with “RSE…” in the respective column below.
3.
Is the HWEL version readout from the vehicle listed below for the corresponding head unit?
ID4 Entry Nav / Entry
Media
HWEL-0000116C
HWEL-0000116E
HWEL-00001703
HWEL-00001704
HWEL-00001705
HWEL-00001706
HWEL-000019F9
HWEL-000019FA
HWEL-000019FC
HWEL-0000274C
HWEL-0000274D
HWEL-0000274E
HWEL-0000274F
HWEL-00002750
ID4 HU-H & HU-H Rear
Seat Entertainment
(RSE)
HWEL-00000DF5
HWEL-00000DF6
HWEL-00000DF7
HWEL-00000DF8
HWEL-00000DFF
HWEL-00001018
HWEL-00001019
HWEL-0000101A
HWEL-00001294
HWEL-00001295
HWEL-00001296
HWEL-000018C2
HWEL-000018C3
HWEL-00001A41
ID4 HU-H (EVO)
HWEL-000022E3
HWEL-000022E4
HWEL-000022E5
HWEL-000022E6
HWEL-000022E7
HWEL-000022E8
HWEL-000031DC
HWEL-000031DD
HWEL-000031DE
HWEL-000031DF
HWEL-000031E0
HWEL-000031E1
ID5 / ID6 NBTEVO &
Rear Seat
Entertainment (RSE)
HWEL-00002479
HWEL-0000247A
HWEL-0000247B
HWEL-000026B9
HWEL-000026BA
HWEL-000026BB
HWEL-00002AB8
HWEL-00002AB9
HWEL-00002C14
HWEL-00002FC2
HWEL-00002FC3
HWEL-00002FC4
HWEL-00002FC5
HWEL-00003A09
Copyright ©2019 MINI USA, a division of BMW of North America, LLC. All Rights Reserved
2/6
9/4/2019
65 02 19_SECURITY IMPROVEMENTS FOR HEAD UNITS
HWEL-00002753
HWEL-00002754
HWEL-00001170
HWEL-00001707
HWEL-00001708
HWEL-00001709
HWEL-000019F7
HWEL-000019F8
HWEL-000019FB
HWEL-00002746
HWEL-00002747
HWEL-00002748
HWEL-00002749
HWEL-0000274A
HWEL-0000274B
HWEL-00002751
HWEL-00002752
HWEL-00002755
HWEL-00001A42
HWEL-00001A43
HWEL-00001A44
HWEL-00001A45
RSE HWEL-00000E66
RSE HWEL-00000F5E
RSE HWEL-00000F5F
HWEL-00003A0A
HWEL-00003A0B
HWEL-00003A0C
HWEL-00003A0D
HWEL-00003A0E
RSE HWEL-00001EF7
RSE HWEL-00001EFB
a. Yes: Proceed to the steps below relating to the specific head unit installed in the vehicle being
serviced.
b. No: No further action is needed because the control module installed in the vehicle is not affected.
Steps for ID4 (Entry Nav, Entry Media, HU-H & HU-H EVO) head units
4. Was the vehicle last treated with ISTA 4.16.1 or higher, and is the I-level 19-03-5xx or higher??
5. YES: The vehicle already has the software that provides the vehicle with added security measures
installed. Continue with step 7 below.
6. NO: Program and encode the vehicle using ISTA 4.16.1 or higher (released early March, 2019).
7. Download and install the “Customer initiated update software” (KISU software) in the vehicle.
a. Refer to the instructions below “updating KISU data”
Steps for ID5 / ID6 NBT EVO (HU-H2) head unit:
8. Was the vehicle last treated with ISTA 4.01.1 or higher and is the I-level 16-07-500 or higher??
9. YES: The vehicle already has the software that provides the vehicle with added security measures.
No further actions required.
10. NO: Program the vehicle with ISTA 4.01.1 or higher.
Note:
ISTA will automatically reprogram and code all programmable control modules that do not have
the latest software
Always connect a MINI approved battery charger/power supply (SI M04 08 09)
Copyright ©2019 MINI USA, a division of BMW of North America, LLC. All Rights Reserved
3/6
9/4/2019
65 02 19_SECURITY IMPROVEMENTS FOR HEAD UNITS
For information on programming and coding with ISTA, refer to CenterNet / TIS / Technical
Documentation / Vehicle Programming
Steps for installing the Customer-initiated software update (KISU)
Downloading Customer-initiated software update on to a USB.
1. Prerequisites:
- USB stick with at least 500 MB of free memory and formatted as FAT16, FAT32 or NTFS filesystem.
- Access to a computer with internet access.
- The 17-digit vehicle identification number (VIN) of the customer vehicle.
2. Download the software:
- Open the website: https://www.bmw.com/update
- Enter the 17-digit vehicle identification number (VIN).
- If the update is available, download the software (example: UPD 09042.bin) onto the USB stick.
3. Installation in the vehicle – updating of head unit:
- Vehicle must have the minimum I-level specified in this bulletin.
- Connect the USB in the center console of the vehicle.
- Then install the software in the vehicle ("iDrive settings" / "Software update").
WARRANTY INFORMATION
Covered, one-time as described above, under the terms of the MINI New Passenger Car Limited Warranty.
Defect Code:
8411900100
Fx Security enhancements for head units
The vehicle is already in the workshop, or if applicable, completion before the first delivery of the
vehicleWork Pkg
Labor Operation
Description (Plus work)
Labor Allowance
#1
00 66 667
Programming and encoding the vehicle only
(includes connecting an approved battery
charger/power supply and performing a vehicle
test)
Refer to AIR
00 66 668
Programming and encoding the vehicle (includes
connecting an approved battery charger/power
supply and performing a vehicle test) and installing
customer-initiated software update (KISU data)
Refer to AIR
00 66 669
Installing customer-initiated software update (KISU Refer to AIR
data) (The vehicle is already at the specified Target
integration level or higher)
Or:
#2
Or:
#3
Copyright ©2019 MINI USA, a division of BMW of North America, LLC. All Rights Reserved
4/6
9/4/2019
65 02 19_SECURITY IMPROVEMENTS FOR HEAD UNITS
If you are using a Main labor code for another repair, use the Plus code labor operation above that applies
instead of the Main labor code.
Or:
The vehicle arrives at your center, this action applies and it has not been previously performed (No
other Main work will be performed/claimed during this workshop visit)Work Pkg
Labor Operation
Description (Main work)
Labor Allowance
#4
00 66 090
Programming and encoding the vehicle only
(includes connecting an approved battery
charger/power supply and performing a vehicle
test)
Refer to AIR
00 66 091
Programming and encoding the vehicle (includes
connecting an approved battery charger/power
supply and performing a vehicle test) and installing
customer-initiated software update (KISU data)
Refer to AIR
00 66 092
Installing customer-initiated software update (KISU Refer to AIR
data) (The vehicle is already at the specified Target
integration level or higher)
Or:
#5
Or:
#6
Refer to AIR for the corresponding flat rate unit (FRU) allowances.
During the same workshop visit, if a vehicle also requires another Technical Campaign or repair that also
includes programming and encoding the control units, the programming procedure may only be
invoiced one time.
Claim Repair Comments
Unless additional related/in conjunction work was required (not addressed and/or included in one of the
options provided above), then only reference the SIB number and the work package (Pkg) number performed
in the RO technician notes and in the claim comments (For example: M65 02 19 WP 1), unless otherwise
required by State law.
Programming and Encoding - Vehicle Control Units (RO and Claim Comments Required)
The programming procedure automatically reprograms and encodes all vehicle control modules which do not
have the latest software i-level. If one or more control module failures occur during this programming
procedure:
Please claim this consequential control module-related repair work under the defect code listed in this
bulletin with the applicable AIR labor operations.
Please explain this additional work (The why and what) on the repair order and in the claim comments
section.
For control module failures that occurred prior to performing this programming procedure:
When covered under an applicable limited warranty, claim this control module-related repair work using
the applicable defect code and labor operations (including diagnosis) in AIR.
Supporting Materials
picture_as_pdf M65 02 19 Q_A.pdf
Copyright ©2019 MINI USA, a division of BMW of North America, LLC. All Rights Reserved
5/6
9/4/2019
65 02 19_SECURITY IMPROVEMENTS FOR HEAD UNITS
Copyright ©2019 MINI USA, a division of BMW of North America, LLC. All Rights Reserved
6/6
Attachment M65 02 19
August 2019
Q&A – Security Improvements for Head Units
1. What vulnerabilities were identified?
Potential vulnerabilities were identified in BMW Group MINI Vehicles by Tencent’s Keen
Security Lab (“Tencent”) during extensive testing and research of the BMW Group
ConnectedDrive system and related infotainment components in the vehicle.
2. What Was the Risk?
No drivers or road users were ever at risk. Tencent research showed, that a successful
exploitation of the vulnerabilities required among other things, mastering a long, complex
exploit chain, access to specific vehicle components, action by the attacker as well as the
driver, in order to pose a risk. Vulnerabilities in BMW Group MINI vehicles require a physical
connection, which requires an adversary to gain access to the vehicle’s interior.
3. How were the vulnerabilities addressed?
Software updates are available at MINI centers to close potential non-critical vulnerabilities
and increase the vehicle’s overall robustness.
4. Are the vehicles still at risk?
MINI has issued security updates which are available at MINI centers. Please contact your
local MINI center for further information.
5. As a customer, how can I find out if my car is affected or if it needs an update?
Only certain models equipped with specific electronic control modules are affected. Vehicles
built in model year 2019 and later have the latest updates installed.
Security patches in the form of software updates are available for these non-critical
vulnerabilities. Updates are available for the applicable MINI models at MINI centers and can
be installed at your next regular service visit.
6. What risks remain after all the countermeasures have been implemented?
The vulnerabilities will no longer pose a risk.
- 💯【Conta.ct us for Support Directly】If you met any...
- 🔥🔥🔥【2026 AUTEL FLAGSHIP MK900BT MK900-BT, NEW...
- 🚗【3000+ ACTIVE TESTS (50➡3000+), SAME AS MS...
- 🚗【40+ HOT SERVICES FOR 150 MAKES (28+➡40+)】Full...
- 🚗【OE ALL SYSTEM DIAGNOSE, AUTO SCAN 2.0: SCAN LICENSE...
- 【TURN OFF CEL】 This AL319 car scanner diagnostic tool...
- 【EXTENSIVE APPLICATION】 Autel AL319 Compatible with...
- 【FOR END USER & DIYERS】 This error code reader AL319 is...
- 【USER-FRIENDLY DESIGN】 This OBD2 scanner and check...
- 【HIGH-QUALITY SERVICES】 12 months war.ranty from the...
Last update on 2026-06-12 / Affiliate links / Images from Amazon Product Advertising API
If the PDF is very large, it may not load in the preview below.
Some older TSBs had multiple PDFs — visit the NHTSA Website to view all PDFs.
If the TSB PDF does not show, download or view it on the NHTSA Website.
Click on the (+) Plus Sign
Then Click on Associated Document(s)
Search NHTSA Database for Recalls
Search NHTSA Database for Vehicle Investigations
View Latest Vehicle Investigations
Search NHTSA Database for Vehicle Complaints
View Latest Vehicle Complaints
TSB/Document ID: M650219
Replacement Service Bulletin Number:
MFR Communication Date: 2019-08-01
MFR Internal Campaign ID/Software Version:
Communication Type: Service Bulletin/Repair Instructions
NHTSA Components: EQUIPMENT
MFR Component System:
MFR Component Subsystem:
Previous TSB | Next TSB |
- 【Looking for More Professional Vehicle Scan Tool?】iCarsoft E660 2026 Upgrade Version OBD2 scan tool can do it all-reads and clears trouble codes on Engine system, ABS system, Transmission system and Airbag system, And with 6 reset function. It covers more than 59 vehicle makes from 1996-2023 models ( included most USA/ Asia / EU vehicle brand) with full OBDII. (As every car model has its-owned specific car system and ECUs, not all car models have full car ECUs which may prevent the scanner from performing all listed system diagnostics or reset services. Therefore, please email to us with car VIN and services required to do scanner's services for a compatibility check before purchasing.)
- 【OE-Level 4 Systems OBD2 Scanner】iCarsoft E660 2026 Upgrade Version diagnostic scanner offers comprehensive OBDII services, allowing you to quickly scan Engine system. It supports functions such as reading and erasing codes, checking I/M readiness, viewing freeze frame data, performing O2 sensor tests, conducting on-board monitoring, testing the evap system, auto VIN retrieval, and reading both generic and specific codes, as well as DTCs and battery tests.
- 【4 Systems Diagnosis for 10000+ Vehicles】 iCarsoft E660 2026 Upgrade Version adopts unique diagnostic software, works well for most Porsche
, Benz, BMW, US Ford, Land Rover, Jaguar, Audi, VW, Volvo, Honda, Nissan, Infiniti, Toyota, Lexus, Scion, Isuzu, Hyundai, Kia, Daewoo, Mazda, Sprinter, Mini, Seat, Skoda, SAAB, EU Ford, Holden, AUS Ford, Acura, Subaru, Mitsubishi, Dacia, Renault, Fiat, GM, Chrysler, Citroen, Peugeot, Opel, Smart,Suzuki, Vauxhall, Alfa-Romeo, Lancia and etc. - 【6 Reset Services】iCarsoft E660 2026 Upgrade Version is a diagnostic tool that offers professional maintenance services, including Oil Reset, EPB, BMS, ETC, SAS, TPMS Reset. It can help you easily reset oil change indicators, recalibrate steering angle sensors, relearn replaced electric parking brake and so on. For optimal vehicle performance and maintenance convenience. (Tips: Please update the softwareafter receiving the product to obtain new service functions)
- 【118+ Real Time Record & Live Graph View】iCarsoft E660 2026 Upgrade Version can automatically record vehicle text history and identify vehicle information. Preserve real-time data information. View & Graph Live Data. Support Data Review and Print. 15 languages: English, German, Dutch, Spanish, French and so on. We promise to offer Lifetime updates (Lifetime free Update via PC), and confidence in products. We also provide 1 year warranty + extra lifetime hardware free repair if you need it in the future. We prioritize user experience & strive to meet your expectations. Please do feel free to reach out to us if you have any question or problem about the usage.
- WHY CHOOSE THE 2025 CR MAX -Upgrade the latest diagnostic capabilities for all vehicles after 1996: upgrade to 49+maintenance services; 46 extra specific functions; real all systems/all control modules diagnose; over 40K+ bidirectional actuation tests for diagnosing all control moduels of cars; Powerful full OBD2 Functions; built-in ECU Coding for BMW/ Audi/ VW/ RollsRoyce; Fr ee V.A.G Guide Function; Battery retistration for new battery adaptation and more. It covers all vehicle diagnostic services and some special professional vehicle maintenance servces, assists you to do home DIY vehicle maintenance or car repair as a pro technician.
- NEWEST IN INNOVATION FULL OBD2 SERVICES- iCarsoft auto car diagnostic scanner compatible with CAN-FD, CR MAX can do it all-reads and clears trouble codes, ALL SYSTEM DIAGNOSIS such as engine, transmission, ABS and airbag etc. CR MAX code reader for all cars can perform I/M Readiness, Live Data, Freeze Frame, Vehicle Information, Monitor Test, On-Board Monitor, E vap System Test,O2 Sensor Test,DTC Library Lookup,etc. (Warm Tips: If you car is after 2023,please contact us for compatibility; 3. It comes with 16PIN OBD2 diagnostic adapter, please check your car diagnostic socket if it is 16pin socket, if your car is 14pin diagnostic socket please contact us for the solution.)
- 49 RESET+ 46 SERVICES- Performs: Oil Reset, EPB,SAS,Throttle, D-P - F, Battery, ABS, Injector, TPMS, Suspension, AC, Head Lamp, Body Stablity, Engine, Tramsmission, Airbag, Seat, Door-Win-Roof, Fuel Pump, Door, E-G- R.+21 NEWEST SERVICES( Need update scanner)-AdBlue, Clutch, Crankshaft, High Voltage Battery, Cruise Control, NO xSensor, Rain Sensor, Stop And Start, Turbocharger, Head Up Display, Radar Camera, Vehicle Setup, Cyliner Misfire Check,Speedlimitassist, ControlUnitReset,OxygenSensor, Seatbelt. Extra 46+ extra services based on car brand.(Tips: Quantity of reset/ calibration fucitons are based on car system that your vehicle model has)
- REVOLUTIONARY 40000+BIDIRECTIONAL ACTIVE TESTS: Upgraded CR Max scanner equip with numberous of actuational test items for covering all available vehicle control modules, no longer only do simple light test or window test like other scanners, performs hardware modules test and software control modules test for checking car units or new updated control moduels work well or not after maintenance/ repair/ re-installation/ control system updated (Example for Benz- Roller Sun Blind test; Backup Camera test ;Self-test; EPB test; Transport Mode test;Boost Pressure Positioner test; Fuel Pump test; AND MORE!!).(Warm tip: The available test items are based on control modules your car has)
- ECU CODING+ BATTERY REGISTRATION- Powerful ECU Coding service for BMW/MINI/RollsRoyce / Audi/VW/Seat/Skoda/Bentley/Bugatti/Lamborghini, Improves Engine Power Performance and Optimizes Fuel Efficiency and Match New Hardware Unit to car and Customized a comfortable Driving Modes and Fixes & Updates Original Software Bug. The battery test function for checking car battery health, perform battery reset (BMS ) for replacing a damaged or aging car battery with a new one and register new battery to car ECU
- 【WHY CHOOSE CR PRO+】COST-EFFECTIVE BIDIRECTIONAL OBD2 SCANNER, COST 80 LESS THAN CR MAX, WITH THE SAME maintenance services as CR MAX, 49 Reset + 46 Brand-Specific services & ECU coding( for AU DI/BM W/ V W ONLY), OEM-level active tesing, multi-systems diagnostic(More than 4 basic systems), powerful full OBD2 functions. 2.0 GHz 4 core CPU, 16GB memory .Warm Tip: Some car models with FCA gateways, causing scanners failed diagnostic, please contact us for additional FCA adapter (please check the details in the following description)
- 【CONTACT US TO CONFIRM 】Few models need a special adapter cable, which will be available soon, please contact us for check if you are the following models: (2018&later) for Chrysler: 300, Great Jetdragon; for Dodge: Challenger, Warhorse, Durango, Cooley, Rams 1500, Rams 2500, Rams 3500, Rams 4500, Rams 5500; for JEEP: Grand Cherokee, Free Man, New Wrangler (JL), Grand Commander. (2019&later) for JEEP: Free Light, Compass. (2020&later)for JEEP: Gladiator. (2018&later) for Alfa Romeo: GIULIA; for Fiat: 500L, 500X, 500, Novo Uno fl, Toro. (2018&later) for Maserati. CONTACTING US FOR FCA GATEWAY ADAPTER.
- 【Bidirectional Test Covers 180,00+ vehicles】The CR Pro+ offers extensive actuator coverage, up to 9981 tests for AUDI A4, 4117 tests for Land Rover, 7092 tests for VW 0B-Magotan, 60776 tests for GM Chevrolet, 24611 for Benz S221, 3744 for Porsche, 114 for BMW. Beyond sending commands to basic control-units like headlights, mirrors, A/C clutches, fans, windows, doors and more, CR Pro+ CR Pro+ perform real-time bidirectional control with deeper ECU access, such as complex sensor or electronic responses or inner unit like fuel pump, injector, ignition coil, main relay, transmission coolant valve to catch potential issues. It enables you quickly locate the faults, avoid needless pa r.t swap.
- 【COST-EFFECTIVE 49 RESET SERVICE】iCarsoft Pro+features all Reset/ Adaptation/ Calibration/ Initialization service including ABS Reset/ Oil Reset/ EPB Reset/ ETC Reset/ INJ Reset/ SAS Reset/ BLD Reset/ BMS Reset/ LAP Reset/ SPS Reset/ TPMS Reset/ACS Reset/ AFS Reset/ FPP Reset/ IDL Reset/ BSC Reset/ Door Reset/ Seat Reset/ TCM Reset/ Service Interval Reset/ Brake Reset/ DWR Reset/ ECM Reset etc. IMPORTANT: CR PRO+ has been upgraded to provides numerous car maintenance functions for maintaining car systems/control units outside the systems corresponding to the above functions (in miscellaneous). NOTE:Above services vary by vehicle models, please contact us for the service list for your cars.
- 【OE MULTI-SYSTEMS DIAGNOSTICS】CR Pro+ can diagnose main vehicle systems like Engine, TCM, ABS, Airbag, Brake, BMS, Battery, windows, etc,AND ALSO diagnose vehicle specific systems like Antenna Module / Communication Control Module/ Parking Lock/Voice Control/ AC Reducing Agent Metering System,etc, helping to detect existing faults and potential faults, giving you complete vehicle health analysis. It displays module Info, real-time data graphs, such as transmission temperature, saves freeze frames to pinpoint intermittent faults. Note: Available systems vary by model. Each car model has unique systems. You can contact us for diagnoseable systems of your vehicle.
Last update on 2026-06-12 / Affiliate links / Images from Amazon Product Advertising API
This product presentation was made with AAWP plugin.