After actually finally gaining access to my first CID/IC pair which was on a pre-Defcon firmware... I think the shadow file method they noted is a bit misleading. Yes, the passwords in the shadow file in the firmware dump are completely lame (and still are as far as I know). The password for the root account is "root" and the password for the tesla account is "tesla" and finally the nvidia account password is "nvidia". *But,* those passwords don't actually work for logins because they're !'d out (locked), and they have been like this even in the earliest firmwares I've since gotten a hold of (2012). The only passwords that actually work to get into the CID are the tokens for tesla1 and tesla2, which up until recently were in fact stored in plaintext on the CID and also sync'd with the IC, and the only way into the IC was with an SSH private key stored on the CID. So... yeah. I don't think anyone was going to be able to duplicate those efforts based on the info they provided. Lots of showmanship by these security groups, for sure, but no one is really giving up a usable way into the Model S. Good tidbits, like knowing the existence and location of the plaintext tokens, but you weren't getting into a car based on their info, even one with outdated firmware.
Personally, I sacrificed an IC and CID by desoldering the flash chips (boot flash and eMMC) and resoldering them to a custom board in order to directly access the data contained, with the hope of finding a way in. Obviously I found a few.
Interesting. Well, the kernel doesn't appear to have changed at all for quite some time, so, not sure where that info comes from.
Edit: Actually, I think I know where Wired would get that idea now that I think about it. But, not my place to disclose.
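
The difference between a weak password in a shadow file and a login that actually works, which the first post turns on, can be checked mechanically when auditing a firmware image. This is an added example, not part of the original thread or of any Tesla code. It assumes the standard shadow(5) layout; the `svc` and `operator` accounts are hypothetical and every hash field is a constructed placeholder.

```python
import re

# Constructed sample in shadow(5) layout. Account names root/tesla/nvidia come
# from the post; svc and operator are hypothetical, and every hash field is a
# placeholder, not a value from any firmware.
SAMPLE_SHADOW = """\
root:!$1$CONSTRUCTED$placeholderAAAAAAAAAAAAAAA:15000:0:99999:7:::
tesla:!$1$CONSTRUCTED$placeholderBBBBBBBBBBBBBBB:15000:0:99999:7:::
nvidia:!$1$CONSTRUCTED$placeholderCCCCCCCCCCCCCCC:15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
svc::15000:0:99999:7:::
operator:$6$CONSTRUCTED$placeholderDDDDDDDDDDDDDDD:15000:0:99999:7:::
broken-line-without-fields
"""

LEGACY_DES = re.compile(r"[./0-9A-Za-z]{13}")


def classify(field):
    """Map the password field of one shadow entry to a login state."""
    if field == "":
        return "no-password"        # account accepts an empty password
    if field.startswith("!"):
        return "locked"             # any hash after the '!' can never match
    if field.startswith("$") or LEGACY_DES.fullmatch(field):
        return "usable-hash"        # password login is possible
    return "no-valid-hash"          # '*' and similar: nothing can match


def audit(shadow_text):
    """Return {account: state}, skipping comments and malformed lines."""
    states = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) < 2 or not parts[0]:
            continue
        states[parts[0]] = classify(parts[1])
    return states


def password_login_possible(shadow_text):
    """Accounts whose entry still allows password authentication."""
    live = ("usable-hash", "no-password")
    return sorted(n for n, s in audit(shadow_text).items() if s in live)


if __name__ == "__main__":
    for name, state in audit(SAMPLE_SHADOW).items():
        print(f"{name:10} {state}")
    print("password login possible:", password_login_possible(SAMPLE_SHADOW))
```

A locked entry only rules out password authentication for that account; other credentials on the device, such as the plaintext tokens and the SSH private key the post mentions, need their own review.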