It’s folly to assert that anything is un-hackable. However, a Riveted phone is a significantly more complex target than an online service or mobile app. There is no password to phish or key file to copy.
To compromise a Rivet, one must crack the physical hardware of the device, something that, purposely, has been made difficult to do. Furthermore, the Trusted User Interface (TUI) available on many TEE-enabled devices is displayed with visual clues that make it exceedingly difficult to fool the user with a false display, and is obscured from the device's operating system.