The Tech Blog

Some of you may have wondered why certain capacitors have polarity (meaning they have clearly defined positive and negative terminals) and others don’t. Let’s explore that today.

Electrolytic and tantalum capacitors are the common types that come with polarity markings. Polarity is based on of how they’re constructed internally. The electrodes are usually made of Aluminium. The positive electrode is chemically etched, and a thin oxide layer is formed on top of it that acts as a dielectric. The negative electrode is typically bare, and they have electrolyte solution in between them. When you place a capacitor with terminals swapped, it can lead to rapid breakdown of the oxide layer on the positive terminal, that causes heat generation, and even blow up. Typically, the negative terminal is clearly marked on the capacitor’s body. Don’t rely solely on the longer lead being positive; this isn’t always absolutely true. It fails anyway in surface-mount (SMD) types that lack leads entirely.

On the other hand, ceramic capacitors and film capacitors don’t have polarity markings. Their internal construction involves thin, uniform metal electrodes layered between sheets of ceramic, forming a stack that increases effective electrode area. Their symmetric design and use of inert ceramic dielectric material mean they are non-polarized and can be installed in any direction.  

Sometimes, we might need to use capacitors in AC circuits, where the voltage constantly alternates polarity. In such scenarios, we typically use special non-polar electrolytic capacitors designed for AC, or connect two regular electrolytic capacitors back-to-back, which safely handles alternating polarity. You can also use ceramic capacitors, but you might not get high capacitance values in its size.

I hope this helps clarify why capacitor polarity matters. Always remember to verify the polarity markings carefully. It’s a simple practice that ensures you don’t have headaches later.

Last month came across a document released by US cyber defence agency and never really got time to look into in detail. I think this deserves more attention. It details that a patient monitor Contec CMS8000, used in many hospitals to track vitals like heart rate and oxygen levels, contains a firmware backdoor.

This backdoor is hardcoded into the device. When it powers on, it quietly tries to connect to a specific IP address not owned by Contec, but a university in China. Once connected, it mounts a remote file system and copies files into critical system directories, overwriting whatever is already there. There’s no integrity check, no version tracking, and no logging. The device just accepts and runs whatever it gets.

Technically, this is done using standard Linux commands like “ifconfig eth0 up” to enable the network, then “mount -t nfs” to reach the remote server, followed by “cp -rf” to replace files. These commands essentially hand over control of the device to whoever controls that IP. Even worse, patient data like ECG, SpO2, and blood pressure is transmitted to that same IP address over port 515 (normally used for old printer systems), not even using proper medical protocols. There’s no encryption, no authentication, just raw patient data streamed out. Meaning, if a remote handler wants, they can get your full data without any fuss. They can also just show any random readings/waveforms on screen with the backdoor. To me, this isn’t just a firmware bug. It’s really badly coded feature or more likely a backdoor for future remote access.

BTW this a white label device sold even in India under different resellers and brand names. Search for similar images on Indiamart or similar, you will get them. I don’t think anyone in India cares where their data ends up. Not sure why there isn’t any media outcry against this locally.

Anyway, if anyone from any hospital IT team is reading this and has this device (or any from its family), please remove network connectivity of this device. In an age where we trust machines with lives, we need to ask: who controls the code inside the box?