PPRuNe Forums - View Single Post - Hacker turns a/c
Old 17th May 2015, 13:48
#32
Nialler
 
Join Date: May 2008
Location: Paris
Age: 60
Posts: 101
I guess this is obvious, but hacking into the IFE would violate the criminal statute, whether it's connected to anything else or not.
That is one of the legal issues which is foremost when people pay me to hack their systems. For the purposes of the exercise my access to their systems is considered to be authorised by them, but there are obvious and severe curtailments on what I can do when I break through. Once I get in, the design of the system architecture will normally reveal just what I can or cannot do without my having to actually transfer funds from the client to my numbered Swiss account.

On occasion, once a penetration has been made and I've reported it, I'll then be given a legitimate logon to a test system where I can really do some destructive stuff in a quarantined environment.

I'm not sure how layered or embedded aircraft systems are, but in the world of commercial systems the application layer is often riddled with holes. I'd imagine that on an aircraft the systems are very embedded.

Sorry about going on about this at such length, but these celebrity hackers tick me off no end. Those that go public in an effort to show how clever they are are no better than those thugs who mark the backs of people at ATMs in order to allow confederates to mug them down the street.

An illustration suffices: an unnamed client had an exposure which I discovered in an application which allowed userids with a certain level of access (the IDs were defined within the application and were easy to identify and clone) to move massive amounts of money. I'm speaking massive amounts. A couple of userids could be created for the purpose of moving the money and then deleted. There was no audit trail showing who had created and deleted the IDs. The only control was that an ID had initiated the transaction and another had authorised it. The police would have issued an APB for a Mr Mickey Mouse and his partner-in-crime Ms Minnie Mouse.

When I demonstrated this in their test environment, there were pale faces around the room. A couple of hours later I was presented with a very binding NDA and told that I was to be escorted off the premises until such time as the problem was remediated. Until then I would be on my full daily rate, forfeited if I made any attempt to log on again and with the most severe financial penalties if they suspected that I had leaked the information. I was perfectly happy with this arrangement and have worked for them many times since.
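The control gap the post describes (a maker/checker rule on transfers, but no audit trail for creating and deleting the IDs that do the making and checking) is the kind of thing a correlation rule over the transfer log and the user-lifecycle audit log can surface. The following Python is an added example and is not the poster's or the client's code; the record fields, the one-day thresholds, and the event data are all constructed assumptions for illustration.

```python
"""Flag dual-authorised transfers made with throwaway user IDs.

Added illustration, not code from the forum post. Transfers are joined
against a user-lifecycle audit log; a transfer is held for review when
an initiator or authoriser ID has no creation record, was created just
before the transfer, was deleted just after it, or shares its creator
with the other ID. Thresholds and field names are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class UserEvent:
    user_id: str
    action: str             # "create" or "delete"
    actor: Optional[str]    # admin who did it; None = not recorded
    at: datetime


@dataclass
class Transfer:
    ref: str
    amount: float
    initiator: str
    authoriser: str
    at: datetime


MIN_ACCOUNT_AGE = timedelta(days=1)   # assumed probation period for new IDs
DELETE_WINDOW = timedelta(days=1)     # assumed "deleted right after use" window


def lifecycle(events: List[UserEvent], user_id: str
              ) -> Tuple[Optional[datetime], Optional[str], Optional[datetime]]:
    """Return (created_at, created_by, deleted_at); None where no record exists."""
    created = [e for e in events if e.user_id == user_id and e.action == "create"]
    deleted = [e for e in events if e.user_id == user_id and e.action == "delete"]
    c = min(created, key=lambda e: e.at) if created else None
    d = min(deleted, key=lambda e: e.at) if deleted else None
    return (c.at if c else None, c.actor if c else None, d.at if d else None)


def flag_transfer(t: Transfer, events: List[UserEvent]) -> List[str]:
    """Return the reasons a transfer should be held; empty list means clean."""
    reasons: List[str] = []
    if t.initiator == t.authoriser:
        reasons.append("initiator and authoriser are the same ID")
    creators: List[Optional[str]] = []
    for role, uid in (("initiator", t.initiator), ("authoriser", t.authoriser)):
        created_at, created_by, deleted_at = lifecycle(events, uid)
        if created_at is None:
            # Exactly the gap in the post: an ID used for money movement
            # with nothing in the audit trail saying who created it.
            reasons.append(f"{role} {uid} has no creation audit record")
            continue
        if created_by is None:
            reasons.append(f"{role} {uid} creation not attributed to an admin")
        if t.at - created_at < MIN_ACCOUNT_AGE:
            reasons.append(f"{role} {uid} created {t.at - created_at} before transfer")
        if deleted_at is not None and deleted_at - t.at < DELETE_WINDOW:
            reasons.append(f"{role} {uid} deleted {deleted_at - t.at} after transfer")
        creators.append(created_by)
    if len(creators) == 2 and creators[0] is not None and creators[0] == creators[1]:
        reasons.append(f"both IDs created by the same admin {creators[0]}")
    return reasons


def audit(transfers: List[Transfer], events: List[UserEvent]) -> Dict[str, List[str]]:
    """Map each transfer reference to its list of review reasons."""
    return {t.ref: flag_transfer(t, events) for t in transfers}


# Constructed sample data: a Mickey/Minnie pair spun up and torn down around
# one transfer, a legitimate long-lived pair, and a pair with no records at all.
EVENTS = [
    UserEvent("u-mickey", "create", "ops1", datetime(2015, 5, 1, 9, 0)),
    UserEvent("u-minnie", "create", "ops1", datetime(2015, 5, 1, 9, 5)),
    UserEvent("u-mickey", "delete", "ops1", datetime(2015, 5, 1, 10, 0)),
    UserEvent("u-minnie", "delete", "ops1", datetime(2015, 5, 1, 10, 0)),
    UserEvent("u-alice", "create", "ops2", datetime(2014, 3, 1, 9, 0)),
    UserEvent("u-bob", "create", "ops3", datetime(2014, 6, 1, 9, 0)),
]
TRANSFERS = [
    Transfer("TX-1", 25_000_000.0, "u-mickey", "u-minnie", datetime(2015, 5, 1, 9, 30)),
    Transfer("TX-2", 12_000.0, "u-alice", "u-bob", datetime(2015, 5, 1, 11, 0)),
    Transfer("TX-3", 9_000_000.0, "u-goofy", "u-pluto", datetime(2015, 5, 1, 12, 0)),
]

if __name__ == "__main__":
    for ref, reasons in audit(TRANSFERS, EVENTS).items():
        print(ref, "HOLD" if reasons else "ok")
        for r in reasons:
            print("   -", r)
```

The rule deliberately treats a missing creation record as a finding in itself rather than as "unknown": if the application lets IDs appear and disappear without an attributed audit entry, the maker/checker split provides no accountability, which is the point the post makes.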