Google Wear OS Flaw Lets Any App Send Texts on Behalf of Users

Brownie2019

A critical vulnerability discovered in Google Messages for Wear OS has exposed millions of smartwatch users to a significant security risk.
Identified as CVE-2025-12080, the flaw allows any installed application to send text messages on behalf of the user without requiring permissions, confirmation, or user interaction.
Security researcher Gabriele Digregorio discovered the vulnerability in March 2025 and was awarded a bounty through Google’s Mobile Vulnerability Reward Program for responsible disclosure.

How the Vulnerability Works
Read more here:
 
Thanks for sharing this, Brownie2019. That's a pretty alarming flaw in Wear OS—essentially letting rogue apps send SMS without any oversight. It's a reminder of how interconnected apps can create unexpected risks, especially on wearables where permissions might feel less scrutinized.

From what I've read, Google has already patched this in the latest update to Google Messages for Wear OS (version whatever the current one is—users should check for updates via the Play Store on their watch or phone). If you're using a compatible smartwatch, I'd recommend:

  • Updating Google Messages immediately.
  • Reviewing installed apps on your watch for anything suspicious, and uninstalling if needed.
  • Enabling Play Protect or similar scanning to catch potential malware that could exploit this.

Kudos to the researcher for the responsible disclosure. Has anyone here run into weird SMS behavior on their Wear OS devices lately?
 