Making the Gromit Unleashed trail a virtual reality for hospitalised children

This summer Wallace & Gromit’s Grand Appeal partnered with engineering researchers to bring virtual reality into Bristol Children’s Hospital, helping patients unable to leave the hospital experience the award-winning sculpture trail.

a young patient tries the VR experience at Bristol Children’s Hospital

Hundreds of thousands of people from across the UK and overseas took part in Gromit Unleashed 2, the third arts trail from Bristol Children’s Hospital charity The Grand Appeal. There were 67 giant sculptures of Academy Award®-winning Aardman characters, Wallace, Gromit and Feathers McGraw – all designed and decorated by a local and high profile artists and brands, including Pixar Animations Studios and DreamWorks.

The ‘Gromit Unleashed 2 VR Experience’ was developed by Bristol Interaction Group, a research group in Engineering, and Large Visible Machine, an independent mobile platforms game studio.

PhD student Gareth Barnaby, who led the VR project, said: “It’s been a great experience to combine our technical expertise with the tireless enthusiasm of the people at The Grand Appeal to create a fun project to be deployed in the real world and brighten people’s days in hospital.

“As a PhD student, it can be hard to see where academia and the real world intersect. This project has shown the difference our work can make and the huge benefits technology can bring. Thanks to everyone at the University who has put in their time to make this project happen, and a huge thank you to The Grand Appeal for the hugely impactful work they do, and for the opportunity to be a part of it.”

Children with complex needs or those undergoing intense treatments, such as bone marrow transplants, are unable to leave hospital, so the University donated over 200 sets of Google Cardboard and two Google Pixel phones, for patients without access to a smart phone. Using the headsets, through virtual reality technology patients are transported to the streets of Bristol to see the sculptures up close and personal in a live setting with the use of 360 camera technology.

Nicola Masters, Director of The Grand Appeal said: “Bristol Children’s Hospital and the 100,000 patients it cares for each year sit at the heart of absolutely everything we do. Virtual Reality is a powerful tool, and what better way to harness this than to bring the trail to the bedsides of young patients who are too poorly to leave their bed or their ward. Taking part in such an immersive and interactive experience is having a brilliant impact not only on the child’s wellbeing, but also on their rehabilitation and recovery in hospitals.”

Email phishing… and why you’re easier to hook than you think

User receiving a phishing bank email

Phishing is coming to an inbox near you… And the attacks are getting more sophisticated by the day. Rob Larson from the University of Bristol’s Cyber Security group talks to us about the latest developments and how you can protect yourself online

Last year, 76% of organisations experienced phishing attacks, with nearly half noticing an increase from the previous year*. According to the FBI, American businesses lost $12.5 billion through corporate email attacks. Closer to home, the NHS ransomware attack of 2017 affected dozens of authorities; staff resorted to using pen and paper, and operations were cancelled, with potentially life-threatening results.

Not only are these attacks on the rise, but scammers are turning to ever-more sophisticated methods, exploiting moments in our everyday lives when we’re at our busiest and most vulnerable.

Rob Larson from the Cyber Security group
Rob Larson from the Cyber Security group

This is an area which interests Rob Larson, whose PhD focuses on online social engineering attacks. He questions the long-standing idea that individuals are the weakest link in the security chain, instead seeing them as an asset and the first line of defence. He believes that a strong organisational defence is multi-layered, with systems fortified through technology and staff trained to understand the psychology of phishing attacks.

Rob explains the prevalence of phishing attacks: “When it comes to defences, organisations have traditionally put up a perimeter, to keep the bad guys out, and locked down the systems inside it, in case they get in. So it’s often easier to just target the users of the systems, sitting behind the defences.”

We asked Rob about the wide-ranging aspects of phishing – and for some advice on what to look out for online.

Rob’s background…

“I’ve always had an interest in the psychology of social engineering, such as phishing scams, and why something so simple remains so effective.

“As a computer scientist, I wanted to understand how they’re performed, why they’re successful and what defences are available. I really wanted to bring our understanding of social engineering up-to-date and address this belief that the people who fall victim are at fault.”

On the evolving face of phishing…

“Phishing can be a very low-cost, low-overhead attack as opposed to using exploitative code to break through a hole in the system, or other costly techniques. Traditionally it was deployed willy-nilly with hundreds to thousands of emails being sent, as spam. Now, we’re seeing not only an increase in the number of attacks, but also an increase in their sophistication. Instead of casting a wide net with a mass generic email, they’re targeting a small number of people with content which is more relevant to the recipient.

“Take a university, for example, the email might talk about systems such as ‘Blackboard’ which students within the university actually use. It might reference specific personal details to seem more legitimate, such as their student ID number or course name. Links in the email might then take users through to a website which is tailored to look like the university’s web portal login, asking the target to input their username and password.

Email phishers can use personal information and a sense of urgency to trick users

“It’s common to see emails putting pressure on the target to elicit an emotional response. Fear of loss is a common one, like replicating a university email and warning the student that they’ll be withdrawn from their course if they don’t respond quickly. If the student clicks on the link they’re redirected to a fake university system and once they’ve logged in the system steals their credentials. The email will thank them for confirming attendance so they’ve no reason to suspect anything.

“These emails have a greater degree of sophistication and subtlety… They’re similar to earlier, more generic phishing scams, but are well-targeted and done in a way that users are less likely to report them, or even notice they’ve fallen victim to anything.”

On spear-phishing…

“Part of my research is trying to understand the spectrum of spear phishing and how sophisticated the attacks get. Spear phishing is a bit of a different animal to the more generic, widely distributed spam-like email; it might be a bit more specific, mentioning you by name. It could come from a contact which looks familiar or appropriate, such as a friend or a colleague, or may include some personal information. It’s quite common to see scammers deploying persuasive techniques in these emails, that leverage authority. For example, they might impersonate your boss and importantly, it might be requesting urgent action.

“Scammers often want a quick reaction – they want you to just respond on auto-pilot. You’re taking a heuristic route and going off your gut, rather than taking time to think it through. It’s something we do naturally, that we need to do to work effectively, and they take advantage of that.”

On ‘crime as a service’…

“Spear phishing used to be so labour-intensive. It was the preserve of people who had the time, money or interest; state actors; organised criminals after big money; or cyber criminals with a persistent interest in a target;

“But now you can buy this kind of service on the Dark Web, for as little as $25. Criminals can go there and say: ‘I want to impersonate a bank, I would like that bank’s website and login page cloned.’ They can pick-up a similar domain and a security certificate. It’s gotten to the point that for very little cost, they can even hire a call centre, and direct users there to steal information by a different route, or add a degree of authenticity.

“It’s a perfect storm. Stolen personal information can be bought and sold online. You can buy tools and services to generate websites, and software packages to generate phishing emails that already include these psychological ploys within the templates.”

On whaling (or ‘CEO phishing’)…

“Whaling, or Business Enterprise Compromise is also increasing dramatically. Think of whaling as ‘phishing’ for a really big fish. For example, criminals target someone in finance and the CEO of the company. They might compromise a device on the company’s network, and send an email appearing to come from the CEO instructing someone in finance to make a money transfer.

“In the past five years, according to the FBI, this kind of fraud has cost US business $12.5 billion. That’s not a small figure by any kind of reckoning. If we’re talking about subtlety or lightness of touch, whaling is right at the top end of the spear-phishing spectrum. The focus is on one person and it will be very targeted and very specific.”

On social-media phishing…

Facebook users who ‘check in’ may be a target for hackers

“Another good example of phishing is on Facebook. Someone might visit a club, and check in on Facebook – the scammers message them that they’ve been tagged in a photo at that particular club on that particular night. They click on it because it’s somewhere they actually were, maybe they’re worried that it’s a terrible photo that they don’t remember. If the hackers manage to compromise the target’s social media account they can then use that to launch targeted attacks on their contacts.

“Recruiter scams are also common. Because many legitimate companies recruit primarily through LinkedIn, it’s definitely a good place to be if you’re job hunting. People put loads of information on there about their university and educational history, crucially, the kind of job roles they’ve held in the past and are currently looking for. A prevalent attack comes from fake recruiters or head-hunters. With all the information people are sharing about themselves it’s very easy for a scammer to tailor a convincing job offer email.

“It’s easy to say be careful about what you share online, but it’s always a toss-up between the benefit you’re getting from using an online service and the risk.”

On what to look out for in phishing emails…

“Despite this greater sophistication in scams, a lot of the advice given about spotting phishing still stands up. So watch out for any of any of the following when you receive an email:

  1. It’s generic or impersonal: they don’t greet you by name or mention your account number, instead using an ambiguous greeting such as “Dear user, student, or customer”.
  2. The message looks odd: spelling or grammar errors are common in less sophisticated attacks. Company branding or logos may be incorrect or appear poorly formatted.
  3. The email address of the sender looks wrong: for example, a message might claim to come from ‘billing@yourbank.com’ but the email shows as ‘billing@y0urb4nk.com’. However, it is possible to impersonate or ‘spoof’ addresses, so you shouldn’t rely on this alone.
  4. It’s asking for sensitive or personal information: such as your password, PIN etc.
  5. It’s trying to rush you with an urgent deadline to respond.
  6. It has a suspicious link or attachment: similarly to email addresses, links that do not match the web address of the company or service the email claims to represent.

On protecting yourself online…

“As I’ve mentioned, a common goal of these scams is to steal your username and password.  Don’t forget to use different passwords for different services and use strong passwords too. It doesn’t have to be the letters, numbers and special characters thing that a lot of sites promote – you could use pass-phrases like six random words, tied together with hyphens. But make sure the words aren’t related to you and are as random as possible. Personally, my preference is to use a Password Manager which generates strong passwords and stores them securely. I’d also recommend services with two-factor authentication, that’s when you login and have a second code sent to you.  So, even if your username and password is stolen they still need another piece of information.

Two-factor authentification
Google’s two-factor authentification helps to secure your login

“There’s been a lot of advice about phishing and social engineering detection. Some of it is really questionable. For example, ‘don’t click on things’ – that’s like saying you should never leave your house if you don’t want to get mugged!

“My advice is to treat any approach like somebody coming to your door to sell you something. If you don’t have the time to check their credentials, don’t play into their time frame. If you’ve got 50 emails and one pings a red flag to you, put it into a folder, crawl through the other emails, and come back to this one when you’ve got time to look at it properly. Don’t reply to it, don’t click on the link, don’t open the attachment. If the email claims to come from an external organisation, such as your bank or University, call the bank directly via information on their official website rather than links or numbers in the message. If it’s from a friend or someone internal to your organisation, drop them a quick call to check.

“At the end of the day, it’s important for individuals and organisations to understand that even with extensive training and a detailed understanding of these scams people still fall for them, because they leverage vulnerabilities present in all of us and happen whilst we’re distracted by other things.”

On collective responsibility…

“People will still mistakes, such as choosing weak passwords, so organisations need to support them with technology and policy where possible, such as taking measures to prevent weak passwords being used or limiting the speed at which attackers can try to guess a password. An awful lot of the systems and countermeasures out there still fail to support the user adequately, meaning these relatively simple attacks remain a big problem.

“So for my PhD, I wanted to find out what’s really going on. I wanted to give something back to help people devise better training, build better defences and create software to lessen the burden on users and to ultimately make people’s jobs easier in the fight against cybercrime.”

More information

CPNI: Don’t take the bait – https://www.cpni.gov.uk/dont-take-bait

NCSC: Defending your organisation – https://www.ncsc.gov.uk/phishing

NCSC: Password guidance – https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach

The University of Bristol’s Cyber Security Group is part of the Academic Centre of Excellence in Cyber Security Research (ACE-CSR) at Bristol. The group’s research focuses on three over-arching but interlinked strands: security of cyber-physical infrastructures, software security and human behaviours.

* https://www.wombatsecurity.com/news/76-organizations-report-being-victims-phishing-attacks

From India to the UK: Top tips from an international student

Starting university can be daunting at the best of times, but even more so when you’re studying overseas and leaving your home country for the first time.

That’s what Indian student Samia Mohinta faced when starting her MSc in Advanced Computing last month. Samia has thrown herself into life in Bristol and has some advice and insight for others in a similar position…

Hello readers,

Are you having cold feet – terrified to leave your home country? Or have you taken the big leap, but missing home? Keep reading! This post lists all that I found useful while coming to the UK and after two weeks of being here.

This is my first time anywhere outside India. I am an avid traveller, but stepping out of India, to go to a place for a year without family and friends, did freak me out. So, trust me, I can understand how you all are feeling. Don’t worry, you are not alone.

Here are a few tips to help organise yourself and shake off the blues before and after you travel to the UK:

  1. Prepare beforehand: If you are planning to study at the University of Bristol, get an idea about the city before you arrive. Bristol is hilly, so start working on improving stamina, because you’ll need a lot of that when you climb up to reach your lectures. There are quite a few blogs on the city of Bristol and reading one of those will give you sufficient information of what the city is like. Currently, for me, it’s fantastic.
  2. Review your goals: Think and write your aspirations on a page. Judge your potential. The Indian model of imparting education is very different from here. Unlike in India, you won’t be spoon-fed with information and details all the time. You need to be self-motivated and alert to grab the opportunities that come your way.
  3. Understand the course you are going to take: Go through your course modules and check if you understand what it’s about. This is very important. I have seen a lot of my friends dropping out of courses that they chose without self-judgement of potential. Follow your interests and think about your existing experience and skill set.
  4. University of Bristol flags at Heathrow airport
    Reach out for help: If you are travelling alone from India to UK, reach out to people if you face any problem. Don’t panic. Speak to your co-travellers, even if you don’t know them and ask for advice. You shall definitely find someone travelling to the same or a nearby place. Team up! I myself had a four-hour delayed flight, which led to a lot of problems after landing in Heathrow. I reached out to the University representatives, who were present at the airport, bus stops and train stations, and got my issues sorted.
  5. Only pack for one week: Don’t fill your bag with unnecessary stuff. Bring dry food to last a week. Pack some cooked food, just to soothe your cravings. Bring hoodies, warm jackets, gloves, mufflers and sweat shirts. Also pack a few cottons and summer dresses. If you can, pack a pressure cooker or a rice cooker – extremely useful to prepare a quick meal. Carry some cloth hangers and air-tight tiffin boxes as well.
  6. Indian food: Do not carry a lot of Indian spices because you can get everything in the supermarkets. But I shall ask you to pack a small amount of flour or rice for making chapattis or rice, so that you do not need to rush to a supermarket immediately after you arrive. There are a lot of Indian restaurants all around the city, pop in to satisfy your occasional cravings. Take a bus to Easton and find loads of Indian stuff.
  7. When in Britain, do as the British do: Try and get a brief idea about the British culture. You should know how to greet people when you meet them. In India, we usually don’t shake hands, but here it is a common courtesy. Be polite and friendly.
  8. Make new friends: I know it sounds weird. You cannot just be friends with someone after a tiny chit chat. However, meet a lot of people. I am not suggesting you to jump into parties, but during uni hours speak to your classmates and get to know each other. You can join a few societies or clubs (there are nearly 200 clubs and societies in UoB) and make a few friends. Get out of your comfort zone and shake a leg at a dance taster session.
  9. Exploring Bristol harbourside
    Explore Bristol, reduce boredom: Bored with sitting at home? Grab a backpack and put your travel shoes on. Time to explore Bristol! Bristol boasts of beautiful parks, hot-air balloons (I am personally fascinated with these), Ferry rides at the Harbourside, the Clifton Suspension Bridge (loved the view from it), Museums and some fantastic graffiti decorating the walls of the entire city. Get a student’s one-day bus pass for £3 and explore the Bristol inner zone. You can also buy an outer zone pass that lets you access Bath and Bristol completely for a day.
  10. Take your modules seriously: Go to the lectures. Don’t get unnerved if you find the first few a little difficult. Read the materials and ask for help from your professors. There are dedicated teams for mental health in the University, who can help you cope with the study pressure. A lot of Indians study at UoB as well, reach out to them via the Indian Society and share your worries.

Life is all about taking risks. Sign yourself up for an adventure every day and reap the satisfaction it brings. This new world in Bristol is a lot different from yours back in India. It is way more organised. It is also extremely welcoming. Be confident. You shall shine!

Thank you for being with me till the end.

PS : I shall come back with some other fun stuff about my adventures in Bristol. Stay tuned!

Student well-being

There are many options at Bristol if you need any support settling into University life or just need to chat to somebody. Find out where to get help here.

Best of the Impossible Garden (so far)

The Impossible Garden is a set of new experimental sculptures, by artist Luke Jerram, inspired by visual phenomena. The exhibition is a collaboration with Bristol Vision Institute and aims to enhance our understanding of vision. All summer visitors have been exploring the garden and discovering engaging art exhibits, designed to stimulate debate about how visual impairments can affect our perception of the world around us. We gathered some of the best Instagram shots of the exhibits so far.

 

View this post on Instagram

 

By Luke Jerram

A post shared by Picci (@pierpaoio) on

 

View this post on Instagram

 

Just a little glimpse of @lukejerramartist’s Impossible Garden at @brisbotanicgdn 🌿

A post shared by Lauren (@thelaurenidentity) on

 

View this post on Instagram

 

A taste of the glitch bench; this and many other exhibits designed to challenge your ideas of sight in the #impossiblegarden

A post shared by Bristol Botanic Garden (@brisbotanicgdn) on

Think you can do better? The University of Bristol Botanic Garden is a riot of colour as the season change, so grab your camera. The Impossible Garden is open to the public until Sunday 25 November 2018. Open from 10 am until 4.30 pm, 7-days-a-week, including bank holidays. For those with visual impairments, we have audio and braille copies of the brochure available.

Find out more about the Impossible Garden.

Games Day: Playing with students’ creations

Every year third year MEng Computer Science students work together in teams of six to create a state-of-the-art computer game. The groups spend up to 2400 hours between them building games that will thrill, delight or immerse the player and provide a spectacle for those watching them play. ‘Games Day’ is an annual tradition for the games to be played, showcased and marked. We spoke to senior Lecturer Dr Tilo Burghardt and students on the course to find out more.

In their games, students integrate technologies from across various computing subjects whilst flexing their creative muscles building new worlds and scenarios to explore. The CS students often work with MA Composition of Music for Film and Television students to produce the soundtracks for their games. They also get advice from industrial mentors in the games, software or media industry.

The department of Computer Science (which sits in the School of Computer Science, Electrical and Electronic Engineering, and Engineering Maths) has been running a computer games module since 1996.