Well, in this case, it's the NIICT (National Institute of Information and Communications Technology) and it sounds like their efforts will stop at rainbow-tabling the devices such as IP cameras etc, to see which have default credentials or weak credentials.
The problem is that the normal, every day people who run these devices, on the most part, don't understand that not only are they open to the internet, most manufacturers provide Dynamic DNS making it painfully easy to search for them. Further still, these manufacturers set the same default password for every device. Some have been known to leave the "empty" credential slots usable. Due to poor programming, you could simply login with no credentials at all.
I have to agree, I'd be hard pressed to decide whether I would or wouldn't accept this "survey", but, with notice, like people are being given here, you can mitigate the risks (cover the cameras, remove the data etc) and be told there are weaknesses in your system, or alternatively, not know and have some unknown accessing them at any point they wish, for any reason they wish.
The problem is that the normal, every day people who run these devices, on the most part, don't understand that not only are they open to the internet, most manufacturers provide Dynamic DNS making it painfully easy to search for them. Further still, these manufacturers set the same default password for every device. Some have been known to leave the "empty" credential slots usable. Due to poor programming, you could simply login with no credentials at all.
I have to agree, I'd be hard pressed to decide whether I would or wouldn't accept this "survey", but, with notice, like people are being given here, you can mitigate the risks (cover the cameras, remove the data etc) and be told there are weaknesses in your system, or alternatively, not know and have some unknown accessing them at any point they wish, for any reason they wish.