On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, handling of ACTION_SENDTO intents utilizing sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier (URI) schemes incorrectly implemented. Due to this misconfiguration, an attacker capable invoking Android intent can exploit vulnerability send messages on user’s behalf arbitrary receivers without requiring any further user interaction or specific permissions. This allows for silent unauthorized transmission from a compromised device.