Attacking disk encryption

Ed Felten and his colleagues at Princeton showed that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods, in what has become known as the cold boot attack. They demonstrated it against popular disk encryption products including BitLocker (shipped with Windows Vista), FileVault (shipped with Mac OS X) and dm-crypt (used under Linux).

Some excerpts:

The root of the problem lies in an unexpected property of today’s DRAM memories … Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn’t so.

Our research shows that data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system … If you cool the DRAM chips, for example by spraying inverted cans of “canned air” dusting spray on them, the chips will retain their contents for much longer.

This is deadly for disk encryption products because they rely on keeping master decryption keys in DRAM. This was thought to be safe because the operating system would keep any malicious programs from accessing the keys in memory, and there was no way to get rid of the operating system without cutting power to the machine, which “everybody knew” would cause the keys to be erased.

Our results show that an attacker can cut power to the computer, then power it back up and boot a malicious operating system (from, say, a thumb drive) that copies the contents of memory … search through the captured memory contents, find any crypto keys that might be there, and use them to start decrypting hard disk contents.

There seems to be no easy fix for these problems. Fundamentally, disk encryption programs now have nowhere safe to store their keys.

More details here and here
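The step the excerpts only gesture at, "search through the captured memory contents, find any crypto keys that might be there", deserves a worked example. The one below is added here and is not code from the paper, from Felten's group or from this page; it is a simplified version of the key-schedule search the researchers describe. An AES-128 key held by a disk encryption driver is normally accompanied in RAM by its 176-byte expanded key schedule, and that schedule is fully determined by the 16 key bytes, so a 16-byte window whose expansion matches the 160 bytes that follow it is almost certainly a key. The scanner tolerates a bounded number of decayed bits in the schedule; unlike the reconstruction algorithm in the paper, it assumes that the 16 key bytes themselves survived intact. The memory image, the offset 700 and the number of flipped bits are constructed for the demonstration.

```python
"""Cold-boot key recovery: scanning a captured memory image for AES-128 keys.

Added example, not code from Felten et al. or from the page it illustrates.
The image below is synthetic: random filler with one key schedule embedded
and a few bits flipped to imitate DRAM decay."""
import random


def _gf_mul(a, b):
    """Multiply two elements of GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _build_sbox():
    """Derive the AES S-box: multiplicative inverse followed by the affine map."""
    sbox = [0] * 256
    for a in range(256):
        inv = 0
        if a:
            inv = 1
            for _ in range(254):  # a^254 == a^-1 in GF(2^8)
                inv = _gf_mul(inv, a)
        x, s = inv, inv
        for _ in range(4):  # s = b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4)
            x = ((x << 1) | (x >> 7)) & 0xFF
            s ^= x
        sbox[a] = s ^ 0x63
    return sbox


SBOX = _build_sbox()


def expand_key(key):
    """FIPS-197 AES-128 key expansion: 16 key bytes -> 176-byte schedule."""
    assert len(key) == 16
    words = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(words[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
            t[0] ^= rcon
            rcon = _gf_mul(rcon, 2)
        words.append([a ^ b for a, b in zip(words[i - 4], t)])
    return bytes(b for w in words for b in w)


def _bit_errors(a, b):
    """Hamming distance between two equal-length byte strings."""
    return bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")


def find_aes128_keys(image, max_bit_errors=0):
    """Return (offset, key, bit_errors) for every 16-byte window whose AES-128
    expansion matches the following 160 bytes within max_bit_errors flipped bits.
    Random memory essentially never matches, so any hit is a real key."""
    hits = []
    for off in range(len(image) - 176 + 1):
        cand = image[off:off + 16]
        errs = _bit_errors(expand_key(cand)[16:], image[off + 16:off + 176])
        if errs <= max_bit_errors:
            hits.append((off, bytes(cand), errs))
    return hits


def build_decayed_image(key, key_offset=700, size=2048, flipped_bits=5, seed=7):
    """Constructed test image (assumption, not a real capture): random filler
    with the expanded key at key_offset, then a few schedule bits flipped to
    imitate decay. The 16 key bytes are left intact on purpose."""
    rng = random.Random(seed)
    image = bytearray(rng.getrandbits(8) for _ in range(size))
    image[key_offset:key_offset + 176] = expand_key(key)
    for _ in range(flipped_bits):
        pos = rng.randrange(key_offset + 16, key_offset + 176)
        image[pos] ^= 1 << rng.randrange(8)
    return bytes(image)


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 sample key
    img = build_decayed_image(key)
    print("exact match only:", find_aes128_keys(img, 0))
    print("tolerating 8 decayed bits:", find_aes128_keys(img, 8))
```

The exact-match scan finds nothing once decay has touched the schedule, while the tolerant scan recovers the key at its offset together with the number of flipped bits. On a real capture the same idea is applied to the whole image, and the researchers' tool goes further by using the redundancy of the key schedule to correct errors in the key bytes as well, which is what makes the attack practical after several seconds without power.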

In a related post, he also explains why laptops in sleep mode are just as exposed: while a machine is suspended to RAM the memory stays powered and the keys stay in it, so the same power-cut-and-reboot attack works against a sleeping laptop, and a screen lock is no protection at all.