As someone who has spent a great deal of his career in avionics design, both civilian and military, I fully agree.
Avionics computers are not PCs running linux or windows. They don't have generic user level applications. They are custom designed, custom built hardware with very specifically chosen components to do the specific job at hand. The application software is pretty much entirely custom. As far as operating systems, many still run home grown schedulers that provide a bare minimum of services. Only in the last 15 years or so have they even started using off the shelf operating systems and so forth. Even then, it's usually something like VxWorks or Green Hills Integrity or some other RTOS like that. But they have to use versions of the operating systems that conform to ARINC 653. And while ethernet has started appearing on modern systems, it's use is highly specialized. They may put an IP stack on the box to facilitate getting packets from one box to another but the content of the packets are very highly specialized and they are carefully scrutinized before they are accepted and acted upon. Not to prevent hacking but to prevent "undefined behavior". Safety requirements mandate that they carefully inspect packets coming in and drop out of spec packets according to the rules established long before the first line of code got written. Not because they're trying to prevent hacking. It's because accepting unexpected and out-of-spec data can lead to problems that make the plane hit the ground. The anti-hacking capabilities are a side effect of that scrutiny.
But even if you could get your packets into these specialized computers, how do you think you're going to hijack the box and spawn your malicious task that takes over? Like I said before, these computers aren't just PCs running Linux. They're custom built computers with an RTOS that very carefully and very deliberately partition the box to prevent tasks from corrupting each other or the operating system. And each task very specifically inspects every packet coming in before using the data so things like buffer overruns and what not simply won't work. So crafting the right kind of packet to allow you to insert your malicious code is more difficult by many orders of magnitude. Beyond that, you are extraordinarily unlikely to find a random port being open that gives you access to the OS core. That's a safety issue so it's checked before the computer can get FAA certification. The only ports available to be used are the ones that are needed and specified.
Is it 100% provable that you can't hack into the systems? No. But it's so monumentally unlikely as to be effectively impossible. Are there some systems out there that had vulnerable code make it through certification? More than likely. But even so, the threshold for making it through FAA certification is high enough that even bad code that slips through is far less vulnerable than most everything out on the commercial market.