So this is just a basic attack surface analysis of a networked system.
According to the article, the researchers are saying that these vehicles are vulnerable because operational components (brakes, etc.) are on the same network as non-operational components (radio, etc.).
By contrast, the 2014 Jeep Cherokee runs the "cyber physical" features and remote access functions on the same network, Valasek notes. "We can't say for sure we can hack the Jeep and not the Audi, but... the radio can always talk to the brakes," and in the Jeep Cherokee, those two are on the same network, he says.
This does tie in well with and extend their presentation last year where, given access to the car's network, they were able to manipulate its steering and braking systems. The trick will be to subvert one of the remotely accessible systems and then generate the necessary commands on the network in question using that subverted system. Maybe they are saving that presentation for 2015.