That's horribly insecure and allows anyone who finds out (or guesses) the recipient address and a valid phone number to run any command they like on your machine.
To do this at least somewhat securely you should encrypt your command with a private key unique to the sender and only execute if it can be decrypted with the public key stored on the recipient machine. Personally I'd still not use that and rather set up a system that performs specific actions only (instead of blindly executing any command it receives), but that's just me.
|