But a keypair is just a pair of numbers that satisfy some one-way function. If there's a way to generate the keypair from iris data from a human, then surely there's a way to generate an indistinguishable keypair using some fake data that plausibly could have come from an iris (ie it shares some of the same number theoretic and distribution properties) but did not. If that's the case, then the only part of the "proof of humanity" left to attack is to spoof the hardware so things think they are calling the iris scanner and getting a real key from a real human and instead they are calling the mock iris scanner and getting a plausible but not real key from a non-human. If the solution is something along the lines of "well we thought of that so a genuine worldcoin iris scanner has to sign the data to prove that it came from a worldcoin device" then I would bet you can get hold of a signing key using social engineering. If this thing was to take off it could be valuable to do so and many of the people operating the devices would be in countries with very low GDP per capita so it could well be in the realm of possibility to bribe your way to getting it.
I'm sure they must have thought about this but I don't understand the solution.
Each Orb has a private signing key that's generated + stored inside a secure element. For more info, search for "secure element" in the following sections of the whitepaper:
I'm sure they must have thought about this but I don't understand the solution.