How did this guy supposedly get around the requirements to ACCEPT, LOAD, and EXECUTE a flight plan change; and override the altitude locked in via the MCP?
Sounds like a lot of sensationalism, or some ACARS and ADS/CPDLC implementations are a LOT different than the ones on the 744 and 748...
I think you and PJ2 may be confusing what the FMC/FMS allows the flight-crew to do (often a company decision limiting training requirements) and what the FMC/FMS software can actually do. Just because they have not put the menu items, buttons and switches on the outside doesn't mean that the software capabilities are not there. Indeed, I would be surprised if there were not several undocumented capabilities put into the software and passed through certification, so that they could be 'delivered' rapidly as upgrades just by allowing the function.
Like many control systems (such as power control systems, communication switchgear, flood gates etc) the firmware and software may have been written without any attempt at defensive coding. There are often hidden codes left over from testing that due to certification issues are not taken out - as
nobody would send that code over ACARS would they? Well seems that it is possible. I would be more interested in how he accessed the ACARS frequencies and spoofed the log in from a standard Galaxy phone. But once into ACARS I have no doubt this is possible.