2112, you're right to call baloney.

A real hardware UART is a standard feature in microcontrolers. (for example)

I would be hard pressed to find a microcontroller datasheet that didn't have one. Even if I did, such a datasheet wouldn't necessarily go out of its way to explain that I the programmer of said micro could achieve the same functionality in software by bit banging general purpose IO pins. It would more likely be documented in a data sheet if such functionality were specifically included in firmware.

There are two commercial products I know of that had no UART and had RS-232 bit banged on general purpose (user) io pins, the low cost VIC-20 and Commodore 64. I think support for this was included in the firmwares.

With UARTs being ubiquitous and with bit banging being very inefficient, I would say there is next to no chance that any USB RS-232 adapter does that. I was wrong to raise it as a possibility. It's safe to assume they all have a hardware UART on the RS-232 side of them.

You only need to worry about the USB side of the signing machine. On reflection, that Wired article may have over-hyped the dangers. USB devices can't just arbitrarily read/write any system memory can they? I think a malicious USB device has to be more sneaky.