The fact that this researcher is a licensed pilot does not necessarily mean much; the pilot license only certifies that he knows how to fly a plane, not that he knows in detail about all the systems in one.
IFE systems do show telemetry data from aircrafts' EICAS, though -- things like ground speed, altitude, temperature, etc.
I'm not sure on the specifics since Boeing has kept silent about the whole debacle, but I do wonder whether the IFE and avionics are airgapped on all aircraft, and whether you could exploit them if they aren't.
It's that very silence that makes me suspicious. Security through obscurity is only a reasonable defence if you know you are otherwise insecure. That said, it's also common when big companies have security concerns, valid or not.
The first attack demonstrated involves spoofing electronic messages from air traffic control. These include instructions to fly to a certain waypoint or at a certain altitude. The pilot can accept these instructions and update the autopilot with the press of a button, which is easier and less error-prone than communicating by voice and entering the data from the cockpit.
Critically, these instructions cannot cause the autopilot to do anything without input from the pilot, nor can they keep the pilot from disengaging the autopilot and flying the plane manually.
The second attack described involves accessing flight control systems by way of the onboard entertainment system. I would be shocked if this is actually possible.
The fact that this researcher is a licensed pilot does not necessarily mean much; the pilot license only certifies that he knows how to fly a plane, not that he knows in detail about all the systems in one.