A security research team with members from private industry, academia, and the Department of Homeland Security has successfully hacked a Boeing 757. The actual test was completed last year but has just been made public at a security conference. Specific details of the hack weren't disclosed for obvious reasons, but the researchers gained access to the aircraft's systems on a runway through radio frequency communications.
The researchers were able to came up with the attack after being given just two days with the airplane. The attack was done in an artificial scenario described as in between a lab environment and the real world. Although the hack wasn't done on a physical airplane in the sky, that doesn't mean it couldn't potentially happen.
Robert Hickey, an aviation program manager with the cyber security division of the DHS called the attack "a remote, non-cooperative, penetration" which means "I didn't have anybody touching the airplane, I didn't have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft."
Although the specifics of the test are still classified, Boeing has denied any vulnerabilities in their planes. It's not clear how likely this attack is to happen, but fixing bugs in airplane code is nearly impossible. Hickey estimated changing a single line of code across a fleet would take a year and cost $1 million. Although modern airplanes have incredibly strong security defenses, the older Boeing 757 was built in an era where security wasn't as big of a concern.