Ethical hacker bypassed fingerprint scanner with green onion

The Humans of Talos interview published May 13, 2026, profiles Philippe Laulheret, a senior vulnerability researcher who tests software, hardware and physical systems to find security flaws before they are exploited. He conducts analysis and experiments and shares technical findings so detection rules and patches can be developed.

Laulheret described his role in the interview: “Basically, my job is to find vulnerabilities in software, hardware, or things physically.” He said his team selects targets they consider important rather than waiting for client requests, and then hands off details so others can build safeguards for customers.

His methods include reverse engineering, code review and hands-on testing of devices. He recounted a test in which a green onion was used to bypass a fingerprint scanner. The example illustrated that simple materials and straightforward techniques can defeat some biometric systems.

Laulheret traced his skills to early curiosity about how software works. He played Capture The Flag competitions in his teens, exercises designed to teach finding and exploiting bugs. Those challenges provided practical experience he kept while working in other fields.

His education began in France, where he completed intensive math and physics preparation before attending an engineering school focused on electrical and computer engineering. After moving to the United States, he worked for about four years in a design studio building interactive installations while maintaining security practice on the side. He later joined a cybersecurity startup in New York and then moved to the Pacific Northwest to work full time in vulnerability research.

He emphasized that real-world security work is quiet and detail-oriented, requiring researchers to think like attackers to anticipate how systems can fail. The proactive testing model he described aims to let internal teams and clients develop detection rules and patches for widely used products before malicious actors find the same weaknesses.

The interview offers a look at how formal engineering training, competitive practice and hands-on experiments combine in the daily work of a vulnerability researcher.