Posts: 1,341 | Thanked: 708 times | Joined on Feb 2010
#118
How about just requiring the first word in the SMS to be a predefined password, or else SMScon would not parse the SMS further nor do what the SMS command tells it to.

For example, I would configure a password "foobar". SMS-messages which would work would be something like:
foobar Remoteon
foobar Location

However, if someone tries to send a command with a wrong password "barfoo", the SMScon would ignore that SMS.

barfoo Remooff
barfoo Location


The security risk without this kind of password is in those countries where there is corruption. Someone working at a GSM operator you are using can fake phone numbers, redirect SMS messages and do all kinds of nasty stuff.

Right now if reply SMS and remote-ssh commands are done to only predefined addresses, it may not be a problem, but for example if remote-ssh-command can have a ssh-server's IP-address as a parameter, it is a huge problem already.

Also think if you had a "Siren" command in SMScon. So when there is an SMS with the command "Siren", the phone would max out the voice volume and make as much noise as it can. Could be useful in some cases when the phone was stolen just a few seconds or minutes ago or you do not remember where you have put it in some messy room. Someone sending "Siren" just to annoy would now work, as SMScon does not require a password.
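
The password-prefix check proposed in this post, sketched as an added example that is not part of the original post and is not SMScon's own code. The function names, the salt, the iteration count and the command set are assumptions made for illustration; only "foobar", "barfoo" and the command words come from the post.

```python
import hashlib
import hmac

# Assumed configuration (hypothetical names, not SMScon's real settings).
# Only a salted hash of the password is stored on the phone, so reading the
# config file does not reveal the password itself.
SALT = b"constructed-salt"
ITERATIONS = 100_000
PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"foobar", SALT, ITERATIONS)

# Commands mentioned in the post; anything else is dropped.
KNOWN_COMMANDS = {"remoteon", "location", "siren"}


def password_ok(candidate: str) -> bool:
    """Compare the first SMS word with the stored hash in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), SALT, ITERATIONS
    )
    return hmac.compare_digest(digest, PASSWORD_HASH)


def parse_sms(body: str):
    """Return (command, args) for an authorized SMS, or None to ignore it."""
    words = body.split()
    if len(words) < 2:
        return None  # no room for both a password and a command
    if not password_ok(words[0]):
        return None  # wrong password: stop before looking at the command
    command = words[1].lower()
    if command not in KNOWN_COMMANDS:
        return None
    return command, words[2:]


if __name__ == "__main__":
    # Constructed sample messages, following the examples in the post.
    for sms in ["foobar Remoteon", "foobar Location", "barfoo Location", "Siren"]:
        print(repr(sms), "->", parse_sms(sms))
```

A static password sent in a plaintext SMS can still be read and replayed by anyone who can see the message in transit, so this check filters out blind senders rather than someone who can intercept messages.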